A study of the Android security model and what has been done to improve it

David Armenteros Martínez
Fakulteta za elektrotehniko, računalništvo in informatiko, Univerza v Mariboru
Email: [email protected]

Smartphones are used by billions of people, which means the number of smartphone applications is increasing, and it is beyond the ability of application marketplaces to completely validate whether an application is malicious or legitimate. Furthermore, it is up to users to decide for themselves whether an app is safe to use. It is important to note that mobile devices and PCs differ in their resource management mechanisms, so the security solutions for computer malware are not compatible with mobile devices. The use of smartphones is on the rise. Day by day our dependence on these devices grows, and therefore the information they store is increasingly critical. As a consequence, security requirements are increasing and mobile application development platforms must begin to offer certain guarantees. This article studies the security guarantees offered by Android through its security model. It also surveys the works that identify some of the shortcomings of this model and improve it in certain aspects.

Keywords: Android; Information Security; Smartphones; Operating Systems

1. INTRODUCTION

Android is an operating system for mobile applications created by Google that has grown greatly since its launch in 2008. It is built on the Linux kernel, from which it inherits certain security capabilities, in addition to implementing its own mechanisms that facilitate application development up to a certain point. However, the fact that Android is an open-source platform and that developing applications for it is so simple makes building malicious applications easy. Therefore, current security mechanisms are not sufficient and user information is vulnerable.
There is currently a whole research community dedicated to finding mechanisms to reduce Android security vulnerabilities. Thanks to this, there are several research articles that study the security model of this operating system, identifying its strengths and weaknesses. In addition, other works go further and propose mechanisms to increase the level of security of users' information. This article analyses the Android security model from the perspective not only of its architecture but also of the security risk mitigation program proposed by the Android team. Subsequently, the article presents a study of related works that gives the reader an idea of where we are in this particular research topic.

The rest of this article is organized as follows. Section 2 describes the Android operating system in terms of its impact on the market and its architecture. Section 3 shows what the Android security model is like and what its strengths and limitations are. Section 4 lists relevant related works and how they have contributed to overcoming these security limitations. Finally, Section 5 concludes the article.

2. ANDROID OPERATING SYSTEM

This section describes the Android operating system. It begins with an introduction to its developers and their participation in the market. It then presents the architecture and analyses the layers that make it up.

2.1. Android in the mobile operating system market

Android is an operating system for mobile devices initially created by Android Inc., a firm that was bought by Google in 2005. Later, it was developed by the Open Handset Alliance, which is also led by Google. Devices with the Android operating system have a high market share. According to StatCounter Global Stats, Android ranked first in sales with 70 percent of the market followed by 28 percent of devices with Apple OS.
Figure 1 presents the market share of the different mobile operating systems in 2021, verifying the big potential in sales of Android devices.

Napredna informacijska varnost

Figure 1: 2021 OS Market in Smartphones

Android works with an Apache license (ASL), which allows freely modifying the platform and adding new functionality, and does not require sharing the code or allowing its use by third parties. Google explains that the creation of Android was a response to its own experiences with mobile applications. They wanted to make sure that there was always an open platform for operators, manufacturers and developers that allowed them to implement innovative ideas. The main objective is to ensure that there is no monopoly in the industry that restricts or controls the innovations of others; for this reason the platform is open. Many developers have joined the Android community, so the quantity of new apps created and downloaded per month in the Play Store is increasing drastically. This generates a great offer for all users of the platform and a collaborative participation to improve the experience with mobile devices. [1]

2.2. Android Architecture

Android was developed on a modification of the Linux kernel [2]. Figure 2¹ shows its architecture, whose components are written in Java, C, C++ and XML:

1. Application layer: This layer contains the operating system applications, written in the Java language. The native applications include a program for text messages, calendar, contacts and a browser, among others. In Android, applications and tasks are strictly related: a task can be seen as a user application in itself, and tasks are a series of activities, possibly from multiple applications. The concept of a task is useful in Android applications because it lets the user undo or step back through operations one at a time, popping them from a stack.
2. Application framework: Through this framework, APIs are provided to developers in various areas such as graphical user interface, power management, network, multimedia, search, and data access. This layer also provides mechanisms so that components can be replaced by the user and reused easily; applications can publish their functionality and others can use it according to the security rules.
3. Libraries: This layer contains the set of libraries that each version of Android provides (the number changes between versions). The most common libraries are the system, graphics, and media libraries. These are presented to developers through the application framework and are written in C and C++.
4. Android runtime: The runtime environment is made up of Dalvik and the core libraries. Dalvik is the Android virtual machine in which applications run, and it has been written so that devices can run multiple virtual machines efficiently. The core libraries basically provide the functions available in the Java libraries, since the applications are written in this language.
5. Linux kernel: Android uses a modification of the 2.6 series of the Linux kernel for basic system functions such as security, process management, memory, and drivers. One of the most important changes made to the original kernel is the improvement to power management, since this is a crucial aspect for mobile devices. As is usual in the Android system, the kernel is freely accessible.

Figure 2: Android Architecture

¹ Taken from: http://suniljoy.wordpress.com/2011/02/28/android/

3. ANDROID SECURITY MODEL ANALYSIS

3.1. Security program

The Android team envisioned a security program in its development cycle to address weaknesses in mobile operating systems. [3] The main security activities carried out in the program are:

1. Design review: Android security was approached from an early stage of the development cycle with the creation and design of a robust and configurable security model.
Each of the main features of the platform was reviewed to integrate the appropriate controls into the system architecture.
2. Penetration testing and code review: During the development of the platform, the Android components and the freely licensed components it uses underwent detailed security reviews. These reviews were conducted by the Android security team, Google's information security team, and independent security consultants. The objective was to identify potential weaknesses and vulnerabilities long before the platform was used and to simulate the types of analysis that external security experts will carry out after the platform is launched.
3. Community review: Since Android is an open-source project, it allows extensive security review by any interested party, which contributes to the improvement of the platform.
4. Incident response: In order to address security problems in production, Android created a comprehensive process with two aspects for providing security responses. First, the Android security team constantly monitors system components and the community to identify potential vulnerabilities. Second, once problems are discovered, the security team has a response process that allows rapid attention to vulnerabilities so that the potential risk for Android users is minimized. These responses may include platform updates and removal of apps from Google Play and from devices.

3.2. Safety components

Figure 3: Android OS Permission

One of the goals of Android is to be the most secure and useful operating system for mobile devices, providing system security controls to protect user data, protect system resources (including the network), and provide isolation between applications [4]. To achieve these three goals, Android provides key security features:
1. Security through the Linux kernel: At the operating system level, Android offers the security of the Linux kernel, which has been used for years and secures millions of sensitive environments. The Linux kernel has become a stable kernel that offers several security features: it works with a permission-based model, provides sandboxing, has an extensible security mechanism, and allows removing unnecessary and potentially unsafe parts.
2. Sandbox security mechanism required for all applications: In Linux each application runs as a process with particular user and group identifiers. This allows access policies to be defined for each application depending on its requirements and purpose. These permissions are approved by the user at installation time by accepting the manifest. In some operating systems memory corruption errors compromise the complete security of the device. These errors are minimized in Android because all the applications and their resources are in an isolated space, so a memory corruption will only allow the execution of code in the context of the application and with the permissions established for it.
3. System partition and safe mode: The system partition is the one shown in figure ??, that is, the one that contains the Linux kernel, the libraries, the runtime, the application framework and the applications. This partition is read-only. When a user starts the device in safe mode, only the system partition is started, so only the basic Android applications are available. This ensures that the user can start the phone in an environment free of third-party applications and therefore in a safe mode.
4. File system permissions: Permissions on the Linux file system ensure that one user cannot read or write another user's files. Since Android applications run as their own user, an application cannot read or write files created by another application, unless the application developer explicitly exposes them.
5. Password protection: Android can be configured to ask for a user password before providing access to the device. This helps prevent unauthorized use of the device, and the password, as explained above, is used by the encryption algorithm.
6. "Root" permissions on devices: On Android only the kernel and a small subset of the main applications run with root permissions. Root permissions can modify the operating system, the kernel, and any other application, and give full access to application data. If a user changes device permissions and grants root permissions to applications, he is increasing the security risk from malicious applications. Android allows root permissions to be configured because this is an important property for developers and for those users who, for example, want to install an alternative operating system.

3.3. Limitations

1. Malicious software detection is difficult: Given the ingenuity of malicious software developers, and given that ultimately it is the phone user who decides which applications to use and therefore which applications are granted the permissions they request over the phone's resources, it is difficult to detect malicious applications preventively. Usually, the user discovers that the security of his phone has been compromised when he realizes that something is wrong.
2. Malicious software detection is slow: Although Google Play contains a considerable number of applications that offer Android users a diverse range of functionality and features, many of them are malicious software, so proactive detection is a pressing need in order to protect the largest possible number of users. However, according to the Symantec report [20], the detection of this malicious software is insecure and delayed, so by the time it is detected many users have already downloaded it and, worse still, removal from Google Play is also delayed.
3. Little control in the interaction between applications: Despite the Android sandbox security mechanism, there are no mechanisms to regulate communication between applications. In other words, an application with few permissions can take advantage (for malicious purposes) of the permissions of a more privileged application. Suppose, for example, that a user installs two applications, A and B, on his phone. Application A has limited permissions and application B has privileged permissions. Since A can invoke B via its respective API, it could use the operations provided by B to breach the security of the system.
4. Difficulty in the definition process of access policies: Due to the large number of factors that must be taken into account when defining an access policy, it is difficult even for an experienced developer to create one. As a consequence, and to avoid errors at the functionality level, the developer usually ends up granting more permissions than an application needs to function.
5. Delay in posting updates: Although Android indicates that it addresses the security flaws found as quickly as possible, history shows that patches are delayed and users cannot protect their mobile devices while the updates arrive. Even worse, many users never install them and continue to be victims of security problems that have already been identified [5].

4. RELATED WORK

This section presents a study of related work. Initially, it shows some research articles that also analyse the Android security model. Subsequently, there are some works whose purpose is to improve the Android security model by strengthening some of its limitations.

4.1. Android security model improvements

1. Proposals for detecting malicious software: There are some proposals that focus on detecting malicious applications. One of these is the one presented in [6].
There, the authors show what they call a "distance model" that makes it possible to measure the level of danger that a particular combination of permissions represents. In other words, from an analysis of the permissions that an application requests, it is possible to detect whether or not it represents a danger to the security of the system. Another proposal is explained in [7], in which the detection mechanism is based on analysis of the behaviour of the Linux kernel during the execution of the application. It is important to note that one of the biggest challenges for these malware detection applications is that they ultimately run on a phone with limited memory and processing resources. As a consequence, having a malware detection application usually has undesirable effects for the end user (for example, reduced battery life). In response to this, there are proposals such as the one presented in [15], where the detection analysis is done on a PC. For this, there is a mechanism by which the files are downloaded from the phone to a computer when the user connects it. Subsequently, the files are analysed, taking advantage of the computational power of the PC, and the results are displayed.
2. Proposals to increase the integrity and availability of information on Android devices: Although most security proposals for mobile devices focus on protecting information against unauthorized access, there are proposals whose objective is to protect the information from damage or loss, thus favouring its integrity and availability. This is the case of what is presented by Changhao et al. in [2], where the authors start from the idea that all the information stored on the phone (even game scores) is of great value to the user.
They present the problem that the information is sensitive in situations such as software update processes or uninstallation of applications, and propose a strategy based on effective synchronization mechanisms that allow copies of the information to be stored in safe places.
3. Proposals to increase Android security based on the Linux kernel: So far, the proposals presented focus on reinforcing the Android security model itself. However, they do not take into account that, since Android runs on the Linux kernel, all of the kernel's security weaknesses are inherited and it can become the weakest link. This problem is the main concern of Park et al. in [8], where it is proposed to improve Linux kernel security according to Android's needs and thus improve Android security. Their strategy is based on strengthening the mandatory access control system for Linux.

5. CONCLUSIONS

In this article I present an analysis of the Android security model and the proposals that have been made recently to improve it. To do this, I start with a description of the operating system itself in terms of its impact on the market and its architecture. I then show the system's security model and its main limitations. Finally, I mention some of the works that I consider to be the most relevant on the subject. I divide them into those that do a security analysis of Android and those that go further and show strategies to improve some of its limitations.

LITERATURE

[1] Báez, M., Borrego, Á., Cordero, J., Cruz, L., González, M., Hernández, F., Palomero, D., de Llera, J. R., Sanz, D., Saucedo, M., et al. (2019) Introducción a android.
[2] Brahler, S. (2010) Analysis of the android architecture. Karlsruhe institute for technology, 7.
[3] Schlöglhofer, R. and Sametinger, J. (2012) Secure and usable authentication on mobile devices. Proceedings of the 10th International Conference on Advances in Mobile Computing Multimedia, New York, NY, USA, MoMM '12, pp. 257–262. Association for Computing Machinery.
[4] Felt, A. P., Chin, E., Hanna, S., Song, D. X., and Wagner, D. A. (2011) Android permissions demystified. CCS '11.
[5] Bing, H. (2012) Analysis and research of system security based on android.
[6] Tang, W., Jin, G., He, J., and Jiang, X. (2011) Extending android security enforcement with a security distance model. 2011 International Conference on Internet Technology and Applications, pp. 1–4.
[7] Isohara, T., Takemori, K., and Kubota, A. (2011) Kernel-based behavior analysis for android malware detection. 2011 Seventh International Conference on Computational Intelligence and Security, pp. 1011–1015.
[8] Park, J., Kim, B., Kim, S.-R., Yoon, J. H., and Cho, Y. (2011) Performance analysis of security enforcement on android operating system. Proceedings of the 2011 ACM Symposium on Research in Applied Computation, New York, NY, USA, RACS '11, pp. 282–286. Association for Computing Machinery.
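
Added example (not part of the original article): the limitation described under "Little control in the interaction between applications", where application A invokes privileged application B, can be checked from the defender's side by auditing B's manifest. The Python code below lists components that other applications can reach without holding any permission, in an app that itself holds sensitive permissions; the package and component names, the SENSITIVE subset and the sample manifest are constructed for illustration, and the input is assumed to be a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Assumption: a small subset of Android's dangerous permissions, enough for the demo.
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}

# Constructed manifest for a hypothetical privileged application "B".
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.appb">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".SmsRelayService" android:exported="true"/>
    <service android:name=".GuardedSmsService" android:exported="true"
             android:permission="android.permission.SEND_SMS"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>
"""

def attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(ANDROID_NS + name)

def is_exported(elem):
    """True if other applications can reach this component."""
    explicit = attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    # No explicit value: a component with an intent filter historically defaults to exported.
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return exported, unguarded components of an app holding sensitive permissions."""
    root = ET.fromstring(xml_text)
    held = {attr(p, "name") for p in root.iter("uses-permission")}
    sensitive_held = sorted(held & SENSITIVE)
    app = root.find("application")
    if app is None or not sensitive_held:
        return []
    findings = []
    for elem in app:
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        guards = [attr(app, "permission"), attr(elem, "permission"),
                  attr(elem, "readPermission"), attr(elem, "writePermission")]
        if not any(guards):  # callers need no permission to invoke this component
            findings.append({"component": attr(elem, "name"), "type": elem.tag,
                             "app_holds": sensitive_held})
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A finding marks a component worth reviewing, not a confirmed flaw: the manifest alone does not show whether the component actually exercises the sensitive permission on a caller's behalf.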