
SELinux Linux Security Module PDF

Pages: 59
Release year: 2017
File size: 24.54 MB
Language: English

Preview SELinux Linux Security Module

VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning
Xiangyu Liu, Yi Zhang, Yang Song
Alibaba Security

Whoami
• Xiangyu Liu
• Security Engineer @Alibaba
• CUHK PhD (2016)
• Academic: IEEE S&P, ACM CCS
• Industry: DEF CON
• Interests: Intrusion Detection, Mobile security
• Co-authors: Yi Zhang, Yang Song @Alibaba

Agenda
• Background
• VSPMiner
• Evaluation
• Summary

Background - SEAndroid
• Android uses SELinux to enforce mandatory access control (MAC) over all processes.
• After Android 4.4
• Privilege escalation becomes much more difficult

Background - SEAndroid Framework
[Figure: SEAndroid framework diagram. Labels: SELinux policy and configuration files, security server, context lookup, libselinux (support security policy), policy files read/write, user space / kernel space, MAC permission record, LSM hooks, SELinux Linux Security Module (LSM), various Linux kernel services.]

Background - SEAndroid Policy
• The effectiveness of SEAndroid depends on the employed policies.
• allow/neverallow subject object:object_class permission
• sbj, obj, obj_class, perm (for short)
• Allow rules define benign operations
• E.g., allow appdomain app_data_file:file {read write execute}
• Neverallow rules define privilege escalation (compile time)
• E.g., neverallow untrusted_app init:file {read}
• Security labels <=> Concrete subjects/objects
• system_file <=> /system(/.*)
• system_data_file <=> /data(/.*)
Vendors don't know how to write policies
@pof "Defeat SEAndroid" at Defcon 2013

Background - Refine Policy
• Using audit logs
• 6-tuple access patterns
• <concrete_sbj, sbj, concrete_obj, obj, obj_class, perm>
• Policy engineers parse the logs to refine policy
• Log access events not matched with allow rules

Background - Challenges
• Millions of audit logs
• Expert experience
• Allow benign accesses
• Prevent malicious accesses
• Unknown new malicious access patterns
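As an added illustration of the log-driven refinement step described on the slides (not code from the talk or from VSPMiner): a small Python triage that turns constructed avc denial lines into the 6-tuple form and checks each pattern against a constructed candidate allow/neverallow rule set. The rule sets, the attribute membership and the log lines are all assumptions made for the example.

```python
import re
from collections import namedtuple
# Constructed candidate policy in the slides' (sbj, obj, obj_class, perms) form; not a real device policy.
ALLOW_RULES = [
    ("appdomain", "app_data_file", "file", {"read", "write", "execute"}),
    ("untrusted_app", "system_file", "file", {"read", "getattr"}),
]
NEVERALLOW_RULES = [("untrusted_app", "init", "file", {"read"})]
ATTRIBUTES = {"appdomain": {"untrusted_app", "platform_app"}}  # constructed attribute membership
# The 6-tuple access pattern from the slides.
Access = namedtuple("Access", "concrete_sbj sbj concrete_obj obj obj_class perm")
PERMS_RE = re.compile(r"avc: denied \{([^}]*)\}")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """One avc denial -> list of 6-tuples (one per permission in braces); [] for other lines."""
    m = PERMS_RE.search(line)
    if not m:
        return []
    kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    sbj = kv["scontext"].split(":")[2]  # u:r:<type>:s0 -> <type>
    obj = kv["tcontext"].split(":")[2]  # u:object_r:<type>:s0 -> <type>
    return [Access(kv.get("comm", "?"), sbj, kv.get("name", kv.get("path", "?")), obj, kv["tclass"], p)
            for p in m.group(1).split()]

def matches(rules, acc):
    """True if some rule covers the pattern; subject attributes such as appdomain are expanded."""
    for sbj, obj, cls, perms in rules:
        sbj_ok = sbj == acc.sbj or acc.sbj in ATTRIBUTES.get(sbj, ())
        if sbj_ok and obj == acc.obj and cls == acc.obj_class and acc.perm in perms:
            return True
    return False

def label(acc):
    """'neverallow': hits a compile-time neverallow, must stay denied; 'allowed': a candidate
    allow rule covers it; 'review': an engineer must decide whether the access is benign."""
    if matches(NEVERALLOW_RULES, acc):
        return "neverallow"
    return "allowed" if matches(ALLOW_RULES, acc) else "review"

def triage(lines):
    """Label every access pattern found in the audit lines."""
    return [(label(a), a) for line in lines for a in parse_avc(line)]

# Constructed audit lines in the Android avc denial format (permissive=1, so every access is logged).
SAMPLE_LOG = [
    'avc: denied { read } for pid=1234 comm="app_process" name="cache.db" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=1',
    'avc: denied { read } for pid=1234 comm="app_process" name="init" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:init:s0 tclass=file permissive=1',
    'avc: denied { write } for pid=2001 comm="vendor_daemon" name="uevent" scontext=u:r:vendor_daemon:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1',
]
```

Running `triage(SAMPLE_LOG)` labels the three patterns allowed, neverallow and review respectively; the review bucket is the part of the log a policy engineer still has to judge by hand.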
