Syracuse University SURFACE Dissertations - ALL SURFACE December 2016 Understanding and Improving Security of the Android Operating System Edward Paul Ratazzi Syracuse University Follow this and additional works at: https://surface.syr.edu/etd Part of the Engineering Commons Recommended Citation Ratazzi, Edward Paul, "Understanding and Improving Security of the Android Operating System" (2016). Dissertations - ALL. 592. https://surface.syr.edu/etd/592 This Dissertation is brought to you for free and open access by the SURFACE at SURFACE. It has been accepted for inclusion in Dissertations - ALL by an authorized administrator of SURFACE. For more information, please contact [email protected]. ABSTRACT Successful realization of practical computer security improvements requires an understanding and insight into the system’s security architecture, combined with a consideration of end-users’ needs as well as the system’s design tenets. In the case of Android, a system with an open, modular architecture that emphasizes usability and performance, acquiring this knowledge and insight can be particularly challenging for several reasons. In spite of Android’s open source philosophy, the system is extremely large and complex, documentation and reference materials are scarce, and the code base is rapidly evolving with new features and fixes. To make matters worse, the vast majority of Android devices in use do not run the open source code, but rather proprietary versions that have been heavily customized by vendors for product dierentiation. Proposing security improvements or making customizations without suicient insight into the system typically leads to less-practical, less-eicient, or even vulnerable results. Point solutions to specific problems risk leaving other similar problems in the distributed security architecture unsolved. Far-reaching general-purpose approaches may further complicate an already complex system, and force end-users to endure significant performance and usability degradations regardless of their specific security and privacy needs. In the case of vendor customization, uninformed changes can introduce access control inconsistencies and new vulnerabilities. Hence, the lack of methodologies and resources available for gaining insight about Android security is hindering the development of practical security solutions, sound vendor customizations, and end-user awareness of the proprietary devices they are using. Addressing this deficiency is the subject of this dissertation. New approaches for analyzing, evaluating and understanding Android access controls are introduced and used to create an interactive database for use by security researchers as well as system designers and end-user product evaluators. Case studies using the new techniques are described, with results uncovering problems in Android’s multiuser framework and vendor-customized System Services. Finally, the new insights are used to develop and implement a novel virtualization-based security architecture that protects sensitive resources while preserving Android’s open architecture and expected levels of performance and usability. UNDERSTANDING AND IMPROVING SECURITY OF THE ANDROID OPERATING SYSTEM by Edward Paul Ratazzi B.S., Rensselaer Polytechnic Institute, 1987 M.S., Syracuse University, 1992 M.S., Rensselaer Polytechnic Institute, 2006 DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical & Computer Engineering Syracuse University December 2016 This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights may apply. DISCLAIMER The views expressed in this dissertation are those of the author and do not reflect the oicial policy or position of the United States Air Force, Department of Defense, or the U.S. Government. v Dedicato a mio nonno, Edward Ratazzi, Sr. — Dedicated to my grandpop, Henry Paul, Jr. vi Acknowledgments My deepest gratitude goes to those around me who made completing this dissertation possible. First, to my advisor, Prof. Wenliang Du. Even though I met you with a career’s worth of experience already behind me, your insights about conducting research, distilling problems and critical thinking have changed my professional life. I will consider myself a great success if I can pass along to others even a fraction of what I learned from you. I am especially thankful for your patience, approachability, friendly style, and understanding of my outside commitments to work and family. To my defense committee, Prof. Joon Park, Prof. Shiu-Kai Chin, Prof. Jian Tang, Prof. Yuzhe Tang, and Prof. Heng Yin, for taking time out of your busy schedules to read this dissertation, provide valuable feedback and serve on my committee. To the Information Directorate of the Air Force Research Laboratory for its commitment to career-long learning and professional development. To my past and present colleagues there, including Dr. Warren Debany, Jr., Dr. Kamal Jabbour, Dr. Davy Belk, Joe Camera, Lt. Col. David Bibighaus, Dr. Dan Pease, and Dr. Lok Yan. You supported and guided my return to graduate school, and provided much-needed encouragement along the way. I am particularly indebted to my supervisor and friend, Jim Perretta. For the last four years you have sheltered me from many day-to-day distractions so that I could focus on conducting and documenting my in-house research. Now that I am done, I hope to rise to the new challenges and opportunities your leadership brings to me. To the current and former students of the Computer Security Research Group at Syracuse, vii especially Amit Ahlawat, Francis Akowuah, Ashok Bommisetti, Nian Ji, Dr. Yousra Aafer, Dr. Xiao Zhang, Jiaming Liu, Kailiang Ying, Yifei Wang, Hao Hao, Haichao Zhang, and Lusha Wang. I am in awe of your technical skills and grateful for the countless hours of discussions we’ve had, both in group meetings and one-on-one. I wish you all the best and hope we can collaborate again in the future. To everyone at the Griiss Institute, especially Bill Wolf, Regan Johnson, Tracy DiMeo, Dr. Josh White, and Jim Hanna. You provided a comfortable, quiet and well-connected environment in which to study, research, collaborate, and write. Without your support, completing this dissertation would have been tremendously more diicult and lengthy. To my parents, Randa and Ed Ratazzi. By example, you taught me the value of education, the need for perseverance, and the importance of optimism, all ingredients I found to be essential for completing my studies. Finally and most importantly, to my wife Shirley and children Emily and Nicholas. You encouraged me when things were tough, cheered my successes, and made countless sacrifices along the way. Your love and confidence are the cornerstone of this and all other accomplishments of mine. Syracuse, New York December 2016 viii Contents Abstracti List of Figures xiv List of Tables xvi 1 Introduction1 1.1 Security enhancements proposed by the scientific literature.............. 3 1.2 Security enhancements available to end-users ..................... 4 1.3 Thesis and Contributions................................. 7 1.4 Dissertation organization................................. 9 2 Background 10 2.1 Uniqueness of Mobile Devices .............................. 10 2.2 Tutorial on Android Security ............................... 12 2.2.1 Development.................................... 12 2.2.2 Download...................................... 14 2.2.3 Installation..................................... 15 2.2.4 Run-time ...................................... 17 2.2.5 Removal....................................... 19 3 Android Access Control Evaluation Methodology 20 3.1 Introduction........................................ 21 3.1.1 Threat Model.................................... 24 ix 3.2 Background ........................................ 25 3.2.1 Framework - userId ................................. 25 3.2.2 Framework - Permissions ............................. 27 3.2.3 Framework - Package Management........................ 28 3.2.4 Filesystem ..................................... 31 3.2.5 Kernel........................................ 32 3.2.6 Run-time ...................................... 32 3.3 Method and Model..................................... 33 3.3.1 Scope........................................ 34 3.3.2 Questions & Insights................................ 37 3.3.3 Hypotheses About Multi-User Security ...................... 38 3.4 Case Study Findings.................................... 40 3.4.1 Unprotected Activities............................... 40 3.4.2 Unrestricted Administrative Functions ...................... 43 3.4.3 Shared Package Information............................ 43 3.4.4 Use of Sensors and Hardware Devices by Multiple Users............. 50 4 Access Control Characterization 54 4.1 Introduction........................................ 54 4.1.1 System Services Customization.......................... 55 4.1.2 Motivating Example ................................ 55 4.1.3 Research Questions ................................ 57 4.2 Characterizing Android Access Controls ......................... 57 4.2.1 Access Control Feature Set............................. 63 4.2.2 Feature Vector Extraction ............................. 66 4.3 Comparing Android Access Controls........................... 69 4.4 Case Study......................................... 69 4.4.1 Procedure...................................... 70 x 4.4.2 Characterization Analysis