Blas Kojusner scite author profile

Blas Kojusner

2Publications

0Citation Statements Received

32Citation Statements Given

How they've been cited

How they cite others

Affiliations

Publications

Order By: Most citations

SAUSAGE: Security Analysis of Unix domain Socket Usage in Android

Elgharabawy¹,

Kojusner²,

Mannan³

et al. 2022

Preprint

View full text Add to dashboard Cite

The Android operating system is currently the most popular mobile operating system in the world. Android is based on Linux and therefore inherits its features including its Inter-Process Communication (IPC) mechanisms. These mechanisms are used by processes to communicate with one another and are extensively used in Android. While Androidspecific IPC mechanisms have been studied extensively, Unix domain sockets have not been examined comprehensively, despite playing a crucial role in the IPC of highly privileged system daemons. In this paper, we propose SAUSAGE, an efficient novel static analysis framework to study the security properties of these sockets. SAUSAGE considers access control policies implemented in the Android security model, as well as authentication checks implemented by the daemon binaries. It is a fully static analysis framework, specifically designed to analyze Unix domain socket usage in Android system daemons, at scale. We use this framework to analyze 200 Android images across eight popular smartphone vendors spanning Android versions 7-9. As a result, we uncover multiple access control misconfigurations and insecure authentication checks. Our notable findings include a permission bypass in highly privileged Qualcomm system daemons and an unprotected socket that allows an untrusted app to set the scheduling priority of other processes running on the system, despite the implementation of mandatory SELinux policies. Ultimately, the results of our analysis are worrisome; all vendors except the Android Open Source Project (AOSP) have access control issues, allowing an untrusted app to communicate to highly privileged daemons through Unix domain sockets introduced by hardware manufacturer or vendor customization.

show abstract

SO{U}RCERER: Developer-Driven Security Testing Framework for Android Apps

Rahman¹,

Kojusner²,

Kennedy³

et al. 2021

Preprint

View full text Add to dashboard Cite

Frequently advised secure development recommendations often fall short in practice for app developers. Tooldriven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools. Process-driven (e.g., applying threat modeling methods) approaches require substantial resources (e.g., security testing team, budget) and security expertise, which small to medium-scale app dev teams could barely afford. To help app developers securing their apps, we propose SO{U}RCERER 1 , a guiding framework for Android app developers for security testing. SO{U}RCERER guides developers to identify domain-specific assets of an app, detect and prioritize vulnerabilities, and mitigate those vulnerabilities based on secure development guidelines. We evaluated SO{U}RCERER with a case study on analyzing and testing 36 Android mobile money apps. We found that by following activities guided by SO{U}RCERER, an app developer could get a concise and actionable list of vulnerabilities (24-61% fewer security warnings produced by SO{U}RCERER than a standalone static analyzer), directly affecting a mobile money app's critical assets, and devise a mitigation plan. Our findings from this preliminary study indicate a viable approach to Android app security testing without being overwhelmingly complex for app developers.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Blas Kojusner

SAUSAGE: Security Analysis of Unix domain Socket Usage in Android

SO{U}RCERER: Developer-Driven Security Testing Framework for Android Apps

Contact Info

Product

Resources

About