My app, My way
Android apps provide useful functions. However, some apps request too
many permissions. Some of these permissions are unnecessary, and some
are needed only for functions that the user doesn't care about (such
as advertising).
The user may reduce permissions in a number of ways:
- Remove permissions from the manifest.
- Replace the API calls that require the permissions with methods that
return failure.
- Replace the API calls that require the permissions with methods that
return fake data.
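The manifest and call-site rewrites listed above, as an added example
that is not part of the original proposal: a Python tool that drops
uses-permission entries from a decoded (apktool-style) manifest and
redirects the smali invocations of the framework methods those
permissions gate to a stub class. The permission-to-method mapping,
the stub class name Lmyway/Stub;, and the sample manifest and smali are
assumptions constructed for illustration; the stub class itself (whose
methods return null/failure or fake data) would be shipped as an extra
smali file in the rewritten APK.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)

# Assumed (illustrative) mapping from a permission to the framework methods it
# gates, written as smali method references. A real tool would derive this
# from the platform's permission map.
PERMISSION_APIS = {
    "android.permission.READ_PHONE_STATE": [
        "Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;",
    ],
    "android.permission.ACCESS_FINE_LOCATION": [
        "Landroid/location/LocationManager;->getLastKnownLocation(Ljava/lang/String;)Landroid/location/Location;",
    ],
}

# Assumed name of the stub class added to the rewritten app. Each stub takes the
# original receiver as its first argument and returns failure (null) or fake data.
STUB_CLASS = "Lmyway/Stub;"

INVOKE_RE = re.compile(
    r"^(\s*)invoke-(?:virtual|interface)(/range)?\s+(\{[^}]*\})\s*,\s*"
    r"(L[^;]+;)->(\w+)(\([^)]*\)\S+)\s*$"
)


def strip_permissions(manifest_xml, drop):
    """Transformation 1: delete <uses-permission> elements named in `drop`."""
    root = ET.fromstring(manifest_xml)
    removed = []
    for elem in list(root.findall("uses-permission")):
        name = elem.get("{%s}name" % ANDROID_NS)
        if name in drop:
            root.remove(elem)
            removed.append(name)
    return ET.tostring(root, encoding="unicode"), removed


def redirect_calls(smali, methods):
    """Transformations 2/3: turn each invoke of a gated method into an
    invoke-static on the stub class. The receiver register stays first, so the
    register list is unchanged and the stub's descriptor gains the receiver
    type as its first parameter."""
    out, count = [], 0
    for line in smali.splitlines():
        m = INVOKE_RE.match(line)
        if m:
            indent, rng, regs, cls, name, sig = m.groups()
            if "%s->%s%s" % (cls, name, sig) in methods:
                stub_sig = "(" + cls + sig[1:]
                line = "%sinvoke-static%s %s, %s->%s%s" % (
                    indent, rng or "", regs, STUB_CLASS, name, stub_sig)
                count += 1
        out.append(line)
    return "\n".join(out), count


def transform_app(manifest_xml, smali, drop):
    """Apply both transformations; only calls gated by a removed permission
    are redirected, so the rest of the app is untouched."""
    manifest, removed = strip_permissions(manifest_xml, drop)
    gated = {ref for p in removed for ref in PERMISSION_APIS.get(p, [])}
    new_smali, redirected = redirect_calls(smali, gated)
    return manifest, new_smali, removed, redirected


# Constructed sample input: a two-permission manifest and one smali method.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Example"/>
</manifest>"""

SAMPLE_SMALI = """.method private getId()Ljava/lang/String;
    .locals 1
    iget-object v0, p0, Lcom/example/app/Main;->tm:Landroid/telephony/TelephonyManager;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method"""

if __name__ == "__main__":
    manifest, smali, removed, n = transform_app(
        SAMPLE_MANIFEST, SAMPLE_SMALI, {"android.permission.READ_PHONE_STATE"})
    print("removed:", removed, "redirected calls:", n)
    print(manifest)
    print(smali)
```

Stripping the permission alone would make getDeviceId throw a
SecurityException at run time; redirecting the call site to a stub is what
turns that crash into the "returns failure" or "returns fake data" outcome.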
As a result of the above transformations, an app may:
- Crash.
- Run but have different behavior (e.g., different output or UI)
- Run and behave the same as before the transformation.
Your task is to:
- Implement the transformations.
- Develop a tool to determine the impact of the transformation on a
set of apps either fully automatically or semi-automatically.
Challenge: how to compare the behavior of two similar apps
automatically? How to identify the differences?
Visual similarity detection of Android apps
Android markets suggest similar apps based on textual descriptions.
However, from the user's perspective, similar apps are those with
similar behavior or UI, i.e., visual similarity. A tool for detecting
visually similar apps can not only suggest similar apps automatically
without relying on textual descriptions but also detect phishing apps
that imitate a legitimate app's UI.
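One way to score visual similarity, added here as an illustration
rather than taken from the proposal: a difference hash (dHash) over
downsampled grayscale screenshots, compared by Hamming distance. The
"screenshots" below are constructed from coarse layouts rendered at
two different device resolutions; the login screen, its look-alike and
the unrelated list view are invented for the example, as is the
distance threshold of 10. The example goes slightly beyond the text by
also showing that the hash survives a change of resolution and a
uniform brightness shift, which is what makes it usable across devices.

```python
def render(layout, scale):
    """Expand a coarse layout (rows of grey levels 0..255) into scale x scale
    pixels per cell, standing in for a screenshot at some device resolution."""
    return [[value for value in row for _ in range(scale)]
            for row in layout for _ in range(scale)]


def downsample(pixels, width, height):
    """Average each rectangular block of the source into one cell of a
    width x height grid (plain block averaging, no image library needed)."""
    src_h, src_w = len(pixels), len(pixels[0])
    grid = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max((y + 1) * src_h // height, y0 + 1)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max((x + 1) * src_w // width, x0 + 1)
            block = [pixels[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) / len(block))
        grid.append(row)
    return grid


def dhash(pixels, size=8):
    """Difference hash: shrink to (size+1) x size, then emit one bit per cell
    saying whether its right-hand neighbour is brighter. Only relative
    brightness matters, so the hash ignores uniform theme/brightness changes."""
    grid = downsample(pixels, size + 1, size)
    bits = 0
    for row in grid:
        for x in range(size):
            bits = (bits << 1) | int(row[x] < row[x + 1])
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def similar(a, b, threshold=10):
    """Two screens are 'visually similar' when their 64-bit hashes differ in
    at most `threshold` bits (threshold is an assumed tuning value)."""
    return hamming(dhash(a), dhash(b)) <= threshold


# Constructed layouts (9 columns x 8 rows of grey levels).
LOGIN = [
    [40] * 9,                                   # dark title bar
    [220] * 9,
    [220] * 9,
    [220] + [200] * 7 + [220],                  # username field
    [220] * 9,
    [220] + [200] * 7 + [220],                  # password field
    [220] * 9,
    [220, 220, 220, 60, 60, 60, 220, 220, 220], # login button
]
# A phishing look-alike: lighter title bar, wider button.
CLONE = [row[:] for row in LOGIN]
CLONE[0] = [60] * 9
CLONE[7] = [220, 220, 60, 60, 60, 60, 60, 220, 220]
# An unrelated app: alternating column stripes.
LIST_APP = [[100, 230] * 4 + [100] for _ in range(8)]


def compare_screens():
    """Return the Hamming distances (login vs clone, login vs list app)."""
    login = render(LOGIN, 10)       # 90 x 80 "screenshot"
    clone = render(CLONE, 15)       # 135 x 120, a different device resolution
    other = render(LIST_APP, 10)
    return hamming(dhash(login), dhash(clone)), hamming(dhash(login), dhash(other))


if __name__ == "__main__":
    print("login vs clone, login vs list app:", compare_screens())
```

Real screenshots would come from an emulator (e.g. via screencap) and be
converted to grayscale before downsampling; the hash and distance logic
stays the same.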
GreaseMonkey
Greasemonkey (https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/),
one of the four most popular Firefox extensions, provides a flexible
framework for customizing a web page with a small piece of JavaScript.
Scriptish (http://scriptish.org/) and Chrome's native user-script
support offer the same functionality. However, because the script
repository (http://userscripts.org) is not effectively vetted, many
vulnerabilities exist in Greasemonkey scripts. We categorize them into
the following cases:
- Privilege escalation.
For example, a Greasemonkey script that passes unsanitized input from
the page to eval lets page-controlled code run with Greasemonkey
privileges. That code can then fetch the user's Gmail pages with the
user's own session, since Greasemonkey's privileged APIs (such as
GM_xmlhttpRequest) are not bound by the same-origin policy.
- Privacy leaks.
A Greasemonkey script can steal a user's confidential information,
such as cookies and sensitive page contents, and send it to a
third party.
- Spamming.
A Greasemonkey script can inject spam into the pages the user views.
Therefore, in this project, we want the students to perform the following tasks:
Attacking Floodlight OpenFlow Controller
The architecture of OpenFlow makes the controller the Achilles' heel of
the entire system. Full access to the controller undoubtedly means full
compromise of the network. However, closer investigation shows that
limited access to a few functions still enables a good deal of
attacks: a compromised user or module with limited access to the
controller can also cause significant security problems in a network.
In this project, you are expected to implement a number of exploits
against Floodlight, an open-source OpenFlow controller platform, as
home-made controller modules. The attacks include arbitrary packet
sniffing, policy bypass, sensitive information leakage and black hole
attacks, as described below.
- Arbitrary packet sniffing.
A malicious module has access to the packet header (and to the payload
when the switch's receive buffer is full or the switch is configured to
send the whole packet) of every packet-in message received from an
OpenFlow switch. The sniffed packet can then be inserted back into the
network via a packet-out message, possibly after modification.
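What a malicious module actually sees in a packet-in, and how it
re-injects the frame, as an added example that is not Floodlight's own
Java code: this Python block decodes the OpenFlow 1.0 OFPT_PACKET_IN
wire format and the Ethernet/IPv4/TCP headers it carries, and builds
the matching OFPT_PACKET_OUT. The sample frame (a TCP SYN from
10.0.0.1:40000 to 10.0.0.2:22, checksums left at zero), the in-port
number and the build_packet_in helper are constructed test data.

```python
import struct

OFP_VERSION_1_0 = 0x01
OFPT_PACKET_IN = 10
OFPT_PACKET_OUT = 13
OFPAT_OUTPUT = 0
OFP_NO_BUFFER = 0xFFFFFFFF
OFPP_TABLE = 0xFFF9   # "output" port meaning: run the frame through the flow table
ETH_P_IP = 0x0800


def parse_packet_in(msg):
    """Decode an OF 1.0 OFPT_PACKET_IN: 8-byte ofp_header, then buffer_id (4),
    total_len (2), in_port (2), reason (1), pad (1), then the frame bytes."""
    version, msg_type, length, xid = struct.unpack_from("!BBHI", msg, 0)
    if version != OFP_VERSION_1_0 or msg_type != OFPT_PACKET_IN:
        raise ValueError("not an OpenFlow 1.0 packet-in")
    buffer_id, total_len, in_port, reason = struct.unpack_from("!IHHB", msg, 8)
    data = msg[18:length]
    info = {
        "xid": xid, "in_port": in_port, "reason": reason, "buffer_id": buffer_id,
        # With OFP_NO_BUFFER the switch sent the whole frame; otherwise only the
        # first miss_send_len bytes arrive and the rest sits in the switch buffer.
        "full_payload": buffer_id == OFP_NO_BUFFER and len(data) == total_len,
        "frame": data,
    }
    eth_dst, eth_src, eth_type = struct.unpack_from("!6s6sH", data, 0)
    info.update(eth_dst=eth_dst.hex(":"), eth_src=eth_src.hex(":"), eth_type=eth_type)
    if eth_type == ETH_P_IP and len(data) >= 34:
        ihl = (data[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = data[23]                     # IPv4 protocol field
        src, dst = struct.unpack_from("!4s4s", data, 26)
        info.update(proto=proto, src_ip=".".join(map(str, src)),
                    dst_ip=".".join(map(str, dst)))
        l4 = 14 + ihl
        if proto in (6, 17) and len(data) >= l4 + 4:   # TCP or UDP ports
            info["sport"], info["dport"] = struct.unpack_from("!HH", data, l4)
    return info


def build_packet_out(frame, in_port, out_port=OFPP_TABLE, buffer_id=OFP_NO_BUFFER, xid=0):
    """Re-inject a (possibly modified) frame: ofp_header, buffer_id, in_port,
    actions_len, one OFPAT_OUTPUT action, then the frame bytes. When the switch
    still holds a buffered copy, the body is left empty and buffer_id is used."""
    action = struct.pack("!HHHH", OFPAT_OUTPUT, 8, out_port, 0)
    body = frame if buffer_id == OFP_NO_BUFFER else b""
    length = 8 + 8 + len(action) + len(body)
    header = struct.pack("!BBHI", OFP_VERSION_1_0, OFPT_PACKET_OUT, length, xid)
    return header + struct.pack("!IHH", buffer_id, in_port, len(action)) + action + body


def build_packet_in(frame, in_port, buffer_id=OFP_NO_BUFFER, reason=0, xid=1):
    """Constructed test input: what a switch would send for `frame` on in_port."""
    header = struct.pack("!BBHI", OFP_VERSION_1_0, OFPT_PACKET_IN, 18 + len(frame), xid)
    return header + struct.pack("!IHHBx", buffer_id, len(frame), in_port, reason) + frame


def sample_frame():
    """Constructed Ethernet/IPv4/TCP SYN 10.0.0.1:40000 -> 10.0.0.2:22."""
    eth = struct.pack("!6s6sH", bytes.fromhex("000000000002"),
                      bytes.fromhex("000000000001"), ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    info = parse_packet_in(build_packet_in(sample_frame(), in_port=3))
    print({k: v for k, v in info.items() if k != "frame"})
    print(build_packet_out(info["frame"], info["in_port"]).hex())
```

If the module changes anything above layer 2 before re-injecting (ports,
addresses), it must also fix the IP/TCP checksums, otherwise the receiving
host discards the frame.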
- Policy bypass.
An attacker can bypass a security policy through dynamic-flow
tunneling: header-rewriting rules installed at both ends of a tunnel
evade the security enforcement device sitting between them. For
example, if a firewall blocks TCP traffic to all ports except port 80,
the attacker can rewrite the attack flow's destination port to 80
before the firewall and back to the original port after it, so the
flow crosses the firewall disguised as web traffic.
- Sensitive information leakage.
The OF controller maintains a variety of sensitive information, such
as network flow tables and device configurations, which is otherwise
invisible outside the control plane. A compromised module can read all
of it through the controller/app API and send it out through any
channel the OS provides: a network connection, storage, or other
running processes via inter-process communication. Flow tables and
device models in particular enable security analysis of the OF rules
in place and attacks tailored to a specific switch model or software
version.
- Black hole attack.
An attacker can manipulate flows stealthily using a purely data-plane
approach. If the attacker controls a host within the OpenFlow network,
it can route a chosen flow through the controlled host before the flow
reaches its destination. If no internal host is controlled, the
attacker can instead create a dynamic-flow tunnel to a controlled
destination outside the OpenFlow network. The controlled host can then
mount any man-in-the-middle attack; if the attacker simply drops the
chosen packets, the result is a black hole attack.
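The dynamic-flow tunnel, the redirection to a controlled host and the
black-hole variant, as an added example that models them rather than
reproducing any Floodlight module: flow rules are dicts with a
priority, a match on header fields and a list of actions, applied by a
tiny two-switch pipeline with a firewall on the inter-switch link. The
topology, the addresses, the port numbering and the "only TCP/80 may
cross the firewall" policy are assumptions constructed for the example;
the field names (nw_src, nw_dst, tp_dst) follow the OpenFlow 1.0 match
fields.

```python
# Assumed policy: the firewall between s1 and s2 only passes TCP to port 80.
FIREWALL_ALLOWED_TCP_PORTS = {80}

# Assumed topology: client and attacker hang off s1, the firewall sits on the
# s1-s2 link, the server hangs off s2.
S1_PORTS = {1: "client", 2: "attacker", 3: "fw"}
S2_PORTS = {1: "fw", 2: "server"}
CLIENT, ATTACKER, SERVER = "10.0.0.1", "10.0.0.9", "10.0.0.2"


def rule(priority, match, *actions):
    """A flow entry: actions are ("set", field, value), ("output", port) or ("drop",)."""
    return {"priority": priority, "match": match, "actions": list(actions)}


# Benign forwarding: everything from s1 goes to the firewall, s2 delivers to the server.
BASELINE = {
    "s1": [rule(1, {}, ("output", 3))],
    "s2": [rule(1, {}, ("output", 2))],
}


def apply_table(rules, pkt):
    """Highest-priority matching rule wins. Returns (rewritten packet, output
    port), or (None, None) for a drop. A table miss is treated as a drop here;
    a real switch would send a packet-in to the controller instead."""
    for r in sorted(rules, key=lambda x: -x["priority"]):
        if all(pkt.get(k) == v for k, v in r["match"].items()):
            pkt, out = dict(pkt), None
            for action in r["actions"]:
                if action[0] == "set":
                    pkt[action[1]] = action[2]
                elif action[0] == "output":
                    out = action[1]
                elif action[0] == "drop":
                    return None, None
            return pkt, out
    return None, None


def firewall_allows(pkt):
    return pkt["proto"] == "tcp" and pkt["tp_dst"] in FIREWALL_ALLOWED_TCP_PORTS


def forward(pkt, net):
    """Walk a packet from s1 through the firewall to s2; returns (verdict, where, packet)."""
    pkt, port = apply_table(net["s1"], pkt)
    if pkt is None:
        return "dropped", "s1", None
    if S1_PORTS[port] != "fw":
        return "delivered", S1_PORTS[port], pkt
    if not firewall_allows(pkt):
        return "dropped", "fw", pkt
    pkt, port = apply_table(net["s2"], pkt)
    if pkt is None:
        return "dropped", "s2", None
    return "delivered", S2_PORTS[port], pkt


def with_tunnel(net, hidden_port=22):
    """Policy bypass: rewrite the attack flow's dst port to 80 before the
    firewall and back to the real port after it (rules at both tunnel ends)."""
    s1_end = rule(100, {"nw_src": ATTACKER, "nw_dst": SERVER, "tp_dst": hidden_port},
                  ("set", "tp_dst", 80), ("output", 3))
    s2_end = rule(100, {"nw_src": ATTACKER, "nw_dst": SERVER, "tp_dst": 80},
                  ("set", "tp_dst", hidden_port), ("output", 2))
    return {"s1": net["s1"] + [s1_end], "s2": net["s2"] + [s2_end]}


def with_redirect(net):
    """Man-in-the-middle: steer client->server traffic to the attacker's host on s1."""
    return {"s1": net["s1"] + [rule(100, {"nw_src": CLIENT, "nw_dst": SERVER}, ("output", 2))],
            "s2": net["s2"]}


def with_black_hole(net):
    """Black hole: same match as the redirect, but the packets are silently dropped."""
    return {"s1": net["s1"] + [rule(100, {"nw_src": CLIENT, "nw_dst": SERVER}, ("drop",))],
            "s2": net["s2"]}


# Constructed sample flows.
SSH_FROM_ATTACKER = {"nw_src": ATTACKER, "nw_dst": SERVER, "proto": "tcp", "tp_dst": 22}
HTTP_FROM_CLIENT = {"nw_src": CLIENT, "nw_dst": SERVER, "proto": "tcp", "tp_dst": 80}

if __name__ == "__main__":
    print("ssh, baseline:  ", forward(SSH_FROM_ATTACKER, BASELINE))
    print("ssh, tunnel:    ", forward(SSH_FROM_ATTACKER, with_tunnel(BASELINE)))
    print("http, redirect: ", forward(HTTP_FROM_CLIENT, with_redirect(BASELINE)))
    print("http, blackhole:", forward(HTTP_FROM_CLIENT, with_black_hole(BASELINE)))
```

Note that the s2 end of the tunnel also rewrites the attacker's genuine
port-80 traffic to the hidden port; a module doing this for real would add
tp_src to the match so only the tunnelled connection is touched.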