
Enhanced Android Security to prevent Privilege Escalation - TUM PDF

104 Pages·2013·1 MB·English

Preview Enhanced Android Security to prevent Privilege Escalation - TUM

FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN

Bachelor's Thesis in Informatics

Enhanced Android Security to prevent Privilege Escalation

Gesteigerte Android Sicherheit zur Verhinderung von Rechteerweiterung

Author: Janosch Maier
Supervisor: Prof. Dr. Uwe Baumgarten
Advisor: Nils Kannengießer, M.Sc. Dipl.-Phys., Robert Konopka
Date: September 16, 2013

I assure the single-handed composition of this bachelor's thesis is only supported by declared sources.

München, September 16, 2013
Janosch Maier

Acknowledgments

While working on this thesis I relied on the work of many other people. Without their work, this thesis would have never been possible in this form.

I thank the Android developer community for their documentation on Android. Working with Android is much fun. This would not be the case, if there was no such documentation. When I encountered problems while creating SELinux policies for the N8000, I always got help on the SE for Android mailing list.

I am grateful that Robert Konopka offered me space to write this thesis at zertisa. He pushed me forward, when I misestimated the effort of some work. The atmosphere at zertisa simplified my work. Writing this thesis would have been much harder without the motivation and knowledge exchange with all colleagues there.

Many thanks go to the operating systems chair at the computer science department at the Technische Universität München, especially Prof. Uwe Baumgarten and Nils Kannengießer. They welcomed my idea of a thesis about privilege escalation on Android. Nils Kannengießer accompanied me during the writing process and provided feedback that was crucial to the success of this thesis.

Many thanks go to Kassi Burnett, Timo Lamprecht, Alexander Pilger, Daniel Schosser, Kyle Spencer and Martin Zehetmayer who reviewed the thesis and indicated errors or passages that were not understandable.

Abstract

With Android leading the consumer market of smartphones and tablets, Android security does not affect only end users anymore. IT security management has to deal with Android devices in their companies and may even implement them into their internal workflow. Many different Android versions and a diversity of different devices offer attack vectors. Android was designed with security in mind. Nevertheless there exists a broad range of available exploits. Privilege escalation is a problem for Android users, as sensitive information is stored on most devices.

The assessment of available exploits shows the need for security measures. These are supposed to prevent exploits and mitigate their effects. Virtualization based on containers can isolate information stored on Android systems. With several containers on one device, a multiboot environment allows the user to store data of different sensitivity levels separately. One container can contain business data and be restricted in its usage. Another container can contain a private system with all the features known from a traditional Android device. Without access between the containers, malware in the private system cannot harm any data on the business system. To ensure that it is not possible to break out of a container, a hardened kernel is needed. Restriction of setuid and the use of Security Enhanced Linux (SELinux) can prevent root exploits. To increase the security within one container, a user verification dialogue can prevent unauthorized use of the Inter Process Communication (IPC).

We evaluated the current state of Android security by creating exploits that could leak sensitive data without internet permissions. Furthermore, we used a root exploit to break out of a container and packaged the exploit into an Android application (app). To prevent malware from obtaining root permissions, a SELinux enabled version of CyanogenMod was installed on a Samsung N8000. This prevented the root exploit app from gaining superuser permissions. Even when the permissions were granted, the app was not able to retrieve sensitive data as before.

Following the findings in this thesis we propose to pursue the idea of a SELinux enabled Android multiboot system for enterprises. For traditional systems the use of SELinux shall be pushed as well. For devices with enabled root access, close collaboration between app developers and Android image builders such as Original Equipment Manufacturers (OEMs) is needed.

Description:
Sep 16, 2013 Gesteigerte Android Sicherheit zur Verhinderung von I assure the single-handed composition of this bachelor's thesis is only supported by 2.2.2. Vertical privilege escalation. Vertical privilege escalation means that .. Typical device management operations such as deletion in case