Projects

My app, My way

Android apps provide useful functions. However, some apps request too many permissions. Some of these permissions are unnecessary, and some of them are needed only for functions that the user doesn't care about (such as advertising).

The user may reduce permissions in a number of ways:

  • Remove permissions from the manifest.
  • Replace the API calls that require the permissions with methods that return failure.
  • Replace the API calls that require the permissions with methods that return fake data.

As a result of the above transformations, an app may:
  • Crash.
  • Run but have different behavior (e.g., different output or UI).
  • Run and behave the same as before the transformation.

Your task is to:
  • Implement the transformations.
  • Develop a tool to determine the impact of the transformation on a set of apps either fully automatically or semi-automatically.
Challenge: how to compare the behavior of two similar apps automatically? How to identify the differences?
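The first transformation above, stripping permissions from a decoded AndroidManifest.xml (as produced by a decompiler such as apktool), as an added example that is not part of the original project text; the manifest and the set of unwanted permissions are constructed for illustration:

```python
"""Remove selected <uses-permission> entries from a decoded Android manifest."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"  # ElementTree's Clark notation for android:name

# Constructed example: permissions a user might consider unnecessary for a flashlight app.
DEFAULT_UNWANTED = frozenset({
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
})

def strip_permissions(manifest_xml, unwanted=DEFAULT_UNWANTED):
    """Drop <uses-permission> and <uses-permission-sdk-23> elements whose name is unwanted.

    Returns (new_manifest_xml, sorted list of removed permission names).
    """
    ET.register_namespace("android", ANDROID_NS)  # keep the android: prefix on output
    root = ET.fromstring(manifest_xml)
    removed = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in list(root.findall(tag)):  # copy: we mutate root while iterating
            name = elem.get(NAME_ATTR)
            if name in unwanted:
                root.remove(elem)
                removed.append(name)
    return ET.tostring(root, encoding="unicode"), sorted(removed)

def remaining_permissions(manifest_xml):
    """Return the sorted permission names still declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    return sorted(e.get(NAME_ATTR) for e in root.iter()
                  if e.tag.startswith("uses-permission"))

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Flashlight"/>
</manifest>
"""

if __name__ == "__main__":
    new_xml, removed = strip_permissions(SAMPLE_MANIFEST)
    print("removed:", removed)
    print("remaining:", remaining_permissions(new_xml))
```

The rewritten manifest is what would be repackaged; whether the app then crashes, changes behavior, or runs unchanged is exactly the question the second task asks the comparison tool to answer.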

Visual similarity detection of Android apps

Android markets suggest similar apps based on textual descriptions. However, from the user's perspective, similar apps have similar behavior or UI, i.e., visual similarity. A tool for detecting visually similar apps can not only suggest similar apps automatically without the need for textual description but also detect phishing apps.

GreaseMonkey

Greasemonkey (https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/), one of the four most popular extensions for Firefox, provides a flexible framework for customizing a web page with a small piece of JavaScript. Similarly, Scriptish (http://scriptish.org/) and Chrome's native user-script support achieve the same functionality. However, due to the lack of effective management of the script repository (http://userscripts.org), many vulnerabilities exist in Greasemonkey scripts.
We categorize them into the following cases:

  • Privilege escalation.
    For example, a Greasemonkey script may pass unsanitized input to eval, which lets a web page's script run with Greasemonkey privileges. That script can then fetch the Gmail page with the user's account, since Greasemonkey scripts are not bound by the same-origin policy (SOP).
  • Privacy Leaks.
    A Greasemonkey script can steal users’ confidential information such as cookies and useful web page contents and send them to a third-party entity.
  • Spamming.
    A Greasemonkey script can feed spam content to the user.
Therefore, in this project, we want the students to perform the following tasks:

Attacking Floodlight OpenFlow Controller

The architecture of OpenFlow makes the controller the Achilles' heel of the entire system. There is no doubt that full access to the controller results in full compromise of the network. However, further investigation suggests that limited access to a few functionalities still enables a good many attacks. This means that a compromised user with only limited access to the controller can still cause significant security issues in a network.

In this project, you are expected to implement a number of exploits against Floodlight, an open-source OpenFlow controller platform, using modules you write yourself. The attacks include arbitrary packet sniffing, policy bypass, sensitive information leakage and the black hole attack, as described below.

  • Arbitrary packet sniffing.
    The attacker has access to the packet header (and possibly the payload, if the switch's receive buffer is full or the switch is configured to send it) in the packet-in messages received from the OpenFlow switch. The sniffed packet can then be inserted back via a packet-out message, possibly with modifications.

  • Policy bypass.
    The attacker can easily bypass the security policy through dynamic-flow tunneling, which evades an existing security enforcement device by rewriting the packet header with modification rules at both ends of the tunnel. For example, if a firewall blocks TCP traffic to all ports except port 80, the attacker can create a dynamic-flow tunnel that carries the attack flow through the firewall disguised as web traffic.

  • Sensitive information leakage.
    The OF controller maintains a variety of sensitive information, such as network flow tables and device configurations, which is otherwise invisible outside the control plane. A compromised app can access all of this information through the controller/app API and send it out over any communication channel the OS provides: network connections, storage, or other running processes via inter-process communication. Information such as flow tables and device models enables security analysis of the OF rules and attacks tailored to a particular switch model or software.

  • Black hole attack.
    The attacker can manipulate flows stealthily through a purely data-plane approach. Assuming the attacker controls a host within the OpenFlow network, the attacker can route a target flow to the controlled host before it reaches its destination. If no host inside is controlled, the attacker can even create a dynamic-flow tunnel to a controlled destination outside the OpenFlow network. The controlled host can then conduct any man-in-the-middle attack. If the attacker simply drops the target packets, this becomes a black hole attack.
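From the defender's side, the dynamic-flow tunneling used by the policy-bypass and black-hole attacks above leaves a recognizable fingerprint in the flow tables: one switch rewrites a blocked TCP destination port to an allowed one and a downstream switch rewrites it back. The audit below, an added example that is not part of the original project text or of Floodlight, flags such rule pairs; its rule format ('switch', 'match', 'actions' dicts with 'tp_dst', 'nw_dst', 'set_tp_dst', 'output') is a constructed simplification, not Floodlight's REST schema.

```python
"""Audit a set of OpenFlow rules for dynamic-flow tunnels (constructed rule format)."""

ALLOWED_TCP_PORTS = frozenset({80})  # what the firewall in the example lets through

def port_rewrites(rules):
    """Yield (switch, nw_dst, matched_port, rewritten_port) for every rule that
    matches on a TCP destination port and rewrites it to a different one."""
    for r in rules:
        m, a = r["match"], r["actions"]
        if "tp_dst" in m and "set_tp_dst" in a and m["tp_dst"] != a["set_tp_dst"]:
            yield r["switch"], m.get("nw_dst"), m["tp_dst"], a["set_tp_dst"]

def find_tunnels(rules, allowed=ALLOWED_TCP_PORTS):
    """Return (ingress_switch, egress_switch, nw_dst, hidden_port, disguise_port)
    for each blocked->allowed rewrite that a second switch undoes for the same host."""
    rewrites = list(port_rewrites(rules))
    tunnels = []
    for sw_in, dst, hidden, disguise in rewrites:
        if hidden in allowed or disguise not in allowed:
            continue  # only a blocked port disguised as an allowed one matters
        for sw_out, dst2, frm, back in rewrites:
            if sw_out != sw_in and dst2 == dst and frm == disguise and back == hidden:
                tunnels.append((sw_in, sw_out, dst, hidden, disguise))
    return tunnels

# Constructed flow table: s1 disguises a blocked port (23) to 10.0.0.9 as port 80
# and s3 restores it past the firewall; s2 does an ordinary 8080->80 rewrite
# that nothing undoes, and the last rule is plain forwarding.
SAMPLE_RULES = [
    {"switch": "s1", "match": {"nw_dst": "10.0.0.9", "tp_dst": 23},
     "actions": {"set_tp_dst": 80, "output": 2}},
    {"switch": "s3", "match": {"nw_dst": "10.0.0.9", "tp_dst": 80},
     "actions": {"set_tp_dst": 23, "output": 1}},
    {"switch": "s2", "match": {"nw_dst": "10.0.0.5", "tp_dst": 8080},
     "actions": {"set_tp_dst": 80, "output": 3}},
    {"switch": "s1", "match": {"nw_dst": "10.0.0.5", "tp_dst": 80},
     "actions": {"output": 2}},
]

if __name__ == "__main__":
    for t in find_tunnels(SAMPLE_RULES):
        print("possible dynamic-flow tunnel:", t)
```

The same pairing logic applied to rewritten IP addresses would cover the black-hole variant that redirects a flow to an attacker-controlled host.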