CREDENTIAL ANALYSIS FOR SECURITY CONFIGURATION ON CUSTOM ANDROID ROM

Authors

  • Joseph Teguh Santoso Universitas Sains dan Teknologi Komputer
  • Fujiama Diapoldo Silalahi Universitas Sains dan Teknologi Komputer
  • Laksamana Rajendra Haidar Universitas Sains dan Teknologi Komputer

DOI:

https://doi.org/10.51903/jtie.v1i3.149

Keywords:

Credential Analysis, Android, Security Configuration, Android Customization.

Abstract

Android is an operating system with open source and consists of several layers, with the different layers its duties and responsibilities. Various parties in the customization chain such as device vendors such as Samsung, Xiaomi, Oppo, Huawei, and others, operators such as Telkomsel, Smartfren, XL, etc., and hardware manufacturers can customize one or more layers to adapt devices for different purposes, such as supporting specific hardware and providing different interfaces and services.

The purpose of this study was to investigate systematically for any inconsistencies that arose as a result of the processes involved in this study and to assess their various security implications. This research runs DroidDiff to perform a substantial-balance diverse investigation on images collected by the analytical methodology. DroidDiff found a lot of differences when it comes to the selected features. The method used in this study is the method of five differential analysis algorithms. As a result, by comparing the security configurations of similar figures, important security changes that could be accidentally introduced during customization can be found.

The results show that DroidDiff can be used by vendors to check the configuration of various security features in a given image. DroidDiff will extract those features from the image, and compare them to other image configuration sets, then DroidDiff will flag the inconsistent ones for further investigation by vendors who have the source code and tools to check their effect. For future work, improvements to DroidDiff to more accurately detect risky inconsistencies are highly recommended. Improving DroidDiff will help reduce the number of false positives and determine risky configurations more accurately.

References

A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, “Andromaly: a Behavioral Malware Detection Framework for Android Devices,” Journal of Intelligent Information Systems archive Volume 38 Issue 1, 2012.
AP Felt, HJ Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: attacks and defenses,” in Proceedings of the 20th USENIX conference on Security symposium, 2011.
B. Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Android Permissions: A Perspective Combining Risks and Benefits,” SACMAT, 2012.
D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck, “Drebin: Effective and explainable detection of android malware in your pocket.,” in NDSS, The Internet Society, 2014.
D. Feth and C. Jung, Context-Aware, Data-Driven Policy Enforcement for Smart Mobile Devices in Business Environments, pp. 69–80. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012.
DR Thomas, AR Beresford, and A. Rice, “Security metrics for the android ecosystem,” in Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM '15, (New York, NY, USA ), pp. 87–98, ACM, 2015.
G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich, “Yaase: Yet another android security extension,” in Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on, pp. 1033–1040, 2011.
H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Using probabilistic generative models for ranking risks of android apps,” in Proceedings of the 2012 ACM conference on Computer and communications security, 2012.
I. Burguera, U. Zurutuza, and S. Nadijm-Tehrani, “Crowdroid: Behavior-Based Malware Detection System for Android.,” SPSM, 2011.
J. Huang, X. Zhang, L. Tan, P. Wang, and B. Liang, “Asdroid: Detecting stealthy behaviors in android applications by the user interface and program behavior contradiction,” in Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, (New York, NY, USA), pp. 1036–1046, ACM, 2014.
K. Tam, SJ Khan, A. Fattori, and L. Cavallaro, “Copperdroid: Automatic reconstruction of android malware behaviors.,” in NDSS, The Internet Society, 2015.
KZ Chen, NM Johnson, V. D'Silva, S. Dai, K. MacNamara, TR Magrino, EX Wu, M. Rinard, and DX Song, “Contextual policy enforcement in android applications with permission event graphs.,” in NDSS, The Internet Society, 2013.
L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang, “The impact of vendor customizations on android security,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS '13, (New York, NY, USA), pp. 623–634, ACM, 2013.
L. Xing, X. Pan, R. Wang, K. Yuan, and X. Wang, “Upgrading your android, elevating my malware: Privilege escalation through mobile os updating,” in Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, (Washington, DC, USA), pp. 393–408, IEEE Computer Society, 2014.
LK Yan and H. Yin, “Droidscope: seamlessly reconstructing the os and Dalvik semantic views for dynamic android malware analysis,” in Proceedings of the 21st USENIX conference on Security symposium, 2012.
M. Lindorfer, M. Neugschw, L. Weichselbaum, Y. Fratantonio, VVD Veen, and C. Platzer, “Andrubis- 1,000,000 apps later: A view on current android malware behaviors,” in International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2014.
M. Mitchell, G. Tian, and Z. Wang, “Systematic audit of third-party android phones,” in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY '14, (New York, NY, USA ), pp. 175–186, ACM, 2014.
M. Spreitzenbarth, F. Freiling, F. Echtler, T. Schreck, and J. Hoffmann, “Mobile-sandbox: Having a deeper look into android applications,” in Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC '13, (New York, NY, USA), pp. 1808–1815, ACM, 2013.
M. Zhang and H. Yin, “Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications,” in NDSS, 2014.
M. Zhang and H. Yin, “Efficient, context-aware privacy leakage confinement for android applications without firmware modding,” in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14, (New York, NY, USA), pp. 259–270, ACM, 2014.
M. Zhang, Y. Duan, H. Yin, and Z. Zhao, “Semantics-aware android malware classification using weighted contextual API dependency graphs,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, (New York, NY, USA), pp. 1105–1116, ACM, 2014.
MC Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock android smartphones,” in 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5 -8, 2012, 2012.
MI Gordon, D. Kim, J. Perkins, L. Gilham, N. Nguyen, and M. Rinard, “Information-flow analysis of android applications in droidsafe,” 2015.
MY Wong and D. Lie, “Intellidroid: A targeted input generator for the dynamic analysis of android malware,” in NDSS, 2016.
P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall, “These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications,” in Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, (New York, NY, USA), pp. 639–652, ACM, 2011.
P. Pearce, AP Felt, G. Nunez, and D. Wagner, “AdDroid: Privilege Separation for Applications and Advertisers in Android,” in Proceedings of the 7th ACM Symposium on Information, Computer, and Communications Security, 2012.
R. Gallo, P. Hongo, R. Dahab, LC Navarro, H. Kawakami, K. Galvão, G. Junqueira, and L. Ribeiro, “Security and system architecture: Comparison of android customizations,” in Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec '15,(New York, NY, USA), pp. 12:1–12:6, ACM, 2015.
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, “Flowdroid: Precise context, flow, field, object- sensitive and lifecycle-aware taint analysis for android apps,” in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, (New York, NY, USA), pp. 259–269, ACM, 2014.
S. Bugiel, L. Davi, A. Dmitrienko, S. Heuser, A. -R. Sadeghi, and B. Shastry, “Practical and lightweight domain isolation on android,” in Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 2011.
S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A. -R. Sadeghi, “Xmandroid: A new android evolution to mitigate privilege escalation attacks,” tech. rep., Technische UniversitÃÂČÂâĆňt Darmstadt, 2011.
S. Bugiel, S. Heuser, and A. -R. Sadeghi, “Flexible and fine-grained mandatory access control on android for diverse security and privacy policies,” in Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), (Washington, DC), pp. 131–146, USENIX, 2013.
S. Jana and V. Shmatikov, “Memento: Learning secrets from process footprints,” in Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, (Washington, DC, USA), pp. 143–157, IEEE Computer Society, 2012.
S. Rasthofer, S. Arzt, M. Miltenberger, and E. Bodden, “Harvesting runtime values in android applications that feature anti-analysis techniques,” in NDSS, 2016.
S. Shekhar, M. Dietz, and DS Wallach, “Adsplit: Separating smartphone advertising from applications,” in Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, (Berkeley, CA, USA), pp. 28–28, USENIX Association, 2012.
S. Smalley and R. Craig, “Security enhanced (SE) Android: Bringing Flexible MAC to android,” in 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B. -G. Chun, LP Cox, J. Jung, P. McDaniel, and AN Sheth, “Taintdroid: An information-flow tracking system for real-time privacy monitoring on smartphones,” ACM Trans. Comput. Syst., vol.32, pp. 5:1–5:29, June 2014.
W. Yang, X. Xiao, B. Andow, S. Li, T. Xie, and W. Enck, “App context: Differentiating malicious and benign mobile app behaviors using context,” in Proceedings of the 37th International Conference on Software Engineering - Volume 1, ICSE '15, (Piscataway, NJ, USA), pp. 303–313, IEEE Press, 2015.
X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, CA Gunter, and M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and DS Wallach, “Quire: Lightweight provenance for smartphone operating systems,” in 20th USENIX Security Symposium, (San Francisco, CA), Aug. 2011.
X. Zhou, Y. Lee, N. Zhang, M. Naveed, and X. Wang, “The peril of fragmentation: Security hazards in android device driver customizations,” in 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA.
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, G. Vigna, S. Uc, and Barbara, “Triggerscope: Towards detecting logic bombs in android applications,” in S&P, 2016.
Y. Zhang, M. Yang, B. Xu, Z. Yang, G. Gu, P. Ning, XS Wang, and B. Zang, “Vetting undesirable behaviors in android apps with permission use analysis,” in CCS, (New York, NY, USA), ACM, 2013.
Y. Zhou and X. Jiang, “Detecting passive content leaks and pollution in android applications,” in 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013,2013.
Y. Zhou, X. Zhang, X. Jiang, and VW Freeh, “Taming information-stealing smartphone applications (on android),” in Proceedings of the 4th International Conference on Trust and Trustworthy Computing, TRUST'11, (Berlin, Heidelberg ), pp. 93–107, Springer-Verlag, 2011.
Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets,” NDSS, 2012.
Z. Fang, W. Han, D. Li, Z. Guo, D. Guo, XS Wang, Z. Qian, and H. Chen, “revdroid: Code analysis of the side effects after dynamic permission revocation of android apps,” in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS '16, (New York, NY, USA), pp. 747–758, ACM, 2016.

Downloads

Published

2022-12-22

How to Cite

CREDENTIAL ANALYSIS FOR SECURITY CONFIGURATION ON CUSTOM ANDROID ROM. (2022). Journal of Technology Informatics and Engineering, 1(3), 49-66. https://doi.org/10.51903/jtie.v1i3.149