Scippa

Backes, Michael; Bugiel, Sven; Gerling, Sebastian

doi:10.1145/2664243.2664264

Cited by 23 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We assume that the SDN controller is trusted and adequately secured but that it may provide services to, and be co-opted by, malicious SDN apps. We assume that apps may originate from third parties 2 , such as app stores 3 , and are thus untrusted and potentially malicious. Although network and security practitioners will use best practices and due diligence in vetting apps before deployment (e.g., verifying that an app has been signed by a trusted developer), compiled apps without available source code are "black boxes" whose behavior the practitioners may not entirely understand and whose code may be vulnerable to compromise in unexpected ways.…”

Section: Threat Modelmentioning

confidence: 99%

“…Data provenance refers to the process of tracing and recording the origins of data and their movement. Provenance has been used to understand the flow of data in databases [2,13,22,28,86], operating systems [8,45,52,67], mobile phones [3,16], and browsers [40,44]. Provenance can be used not just for IFC but also for information tracing, accountability, transparency, and compliance [51,79].…”

Section: Data Provenance Modelmentioning

confidence: 99%

“…ONOS and its apps are currently used by transport network providers and have been incorporated into commercial products developed by Huawei and Samsung, among others[62]. As of August 2018, ONOS has also been issued 12 CVE entries, including arbitrary apps being loaded into the controller[63] 3. Aruba Networks, a subsidiary of Hewlett-Packard Enterprise, maintains an "SDN app store" for the HP SDN controller[31].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Cross-App Poisoning in Software-Defined Networking

Ujcich

Jero

Edmundson

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane's integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads. CCS CONCEPTS • Security and privacy → Access control; Information flow control; Information accountability and usage control; • Networks → Programmable networks; KEYWORDS software-defined networking; data provenance; information flow control; network operating system * DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.

show abstract

Section: Threat Modelmentioning

confidence: 99%

Section: Data Provenance Modelmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Cross-App Poisoning in Software-Defined Networking

Ujcich

Jero

Edmundson

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…The four basic Android application components are Activities, BroadcastReceivers, ContentProviders, and Services. All components can be interconnected remotely across process boundaries by using different abstractions of Binder inter process communication (IPC) [6]. These interconnections are commonly referred to as inter-component communication and are the primary communication mechanism in Android although it can provide classical channels such as files or sockets.…”

Section: Android Security Architecturementioning

confidence: 99%

Malware Analysis and Detection on Android: The Big Challenge

Rodríguez-Mota¹,

Escamilla-Ambrosio²,

Salinas-Rosales³

2017

Smartphones From an Applied Research Perspective

View full text Add to dashboard Cite

The popularization of the use of mobile devices, such as smartphones and tablets, has accelerated in recent years, as these devices have experienced a reduction in cost together with an increase in functionality and services availability. In this context, due to its openness and free availability, Android operating system (OS) has become not only a major stakeholder in the market of mobile devices but has also become an attractive target for cybercriminals. In this chapter, we advocate to present some current trends and results in the Android malware analysis and detection research area. We start by briefly describing the Android's security model, followed by a discussion of the static and dynamic malware analysis techniques in order to provide a general view of the analysis and detection process to the reader. After that, a description of a particular set of software developments, which exemplify some of the discussed techniques, is presented accompanied by a set of practical results. Finally, we draw some conclusions about the future development of the Android malware analysis area. The main contribution of this chapter is a description of the realization of static and dynamic malware analysis techniques and principles that can be automated and mapped to software system tools in order to simplify analyses. Moreover, some details about the use of machine learning algorithms for malware classifications and the use of the hooking software techniques for dynamic analysis execution are provided.

show abstract

“…Detection of Android Malware: An extensive body of systems has been developed to detect Android malware by monitoring system calls [15,39,42,43,50,46,30,27], analyzing the usage of Android permissions [24,11,23,38], analyzing the usage of Framework APIs [13,55,47,56,17,52], and extracting information from the sysfs pseudofilesystem [12]. The design of these detection systems requires deep domain knowledge about Android system and the development of Android malware.…”

Section: Related Workmentioning

confidence: 99%

Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps

Yang

Gehani

et al. 2015

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

We propose Dagger, a lightweight system to dynamically vet sensitive behaviors in Android apps. Dagger avoids costly instrumentation of virtual machines or modifications to the Android kernel. Instead, Dagger reconstructs the program semantics by tracking provenance relationships and observing apps' runtime interactions with the phone platform. More specifically, Dagger uses three types of low-level execution information at runtime: system calls, Android Binder transactions, and app process details. System call collection is performed via Strace [7], a low-latency utility for Linux and other Unix-like systems. Binder transactions are recorded by accessing Binder module logs via sysfs [8]. App process details are extracted from the Android /proc file system [6]. A data provenance graph is then built to record the interactions between the app and the phone system based on these three types of information. Dagger identifies behaviors by matching the provenance graph with the behavior graph patterns that are previously extracted from the internal working logic of the Android framework. We evaluate Dagger on both a set of over 1200 known malicious Android apps, and a second set of 1000 apps randomly selected from a corpus of over 18,000 Google Play apps. Our evaluation shows that Dagger can effectively vet sensitive behaviors in apps, especially for those using complex obfuscation techniques. We measured the overhead based on a representative benchmark app, and found that both the memory and CPU overhead are less than 10%. The runtime overhead is less than 63%, which is significantly lower than that of existing approaches.

show abstract

Scippa

Cited by 23 publications

References 26 publications

Cross-App Poisoning in Software-Defined Networking

Cross-App Poisoning in Software-Defined Networking

Malware Analysis and Detection on Android: The Big Challenge

Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps

Contact Info

Product

Resources

About