The Misuse of Android Unix Domain Sockets and Security Implications
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore a conference talk from CCS 2016 examining the security implications of Android Unix domain sockets misuse. Delve into the research conducted by experts from the University of Michigan and University of California, Riverside, as they present their findings on potential vulnerabilities in Android applications. Learn about Unix domain sockets, threat models, and authentication methods in Android systems. Discover the researchers' analysis of socket address usage, authentication practices, and common mistakes made by developers. Gain insights into real-world examples, including a case study on KingRoot, and understand proposed mitigations to enhance Android security. Conclude with a summary and demonstrations that illustrate the practical impact of these security issues.
Syllabus
Intro
Motivation (cont'd)
Contributions
Unix domain sockets
Threat model
ABSTRACT is the default
Authentication is needed
Highlights
Apps using Unix sockets (Q1)
Socket address analysis (Q2)
Authentication analysis (03)
Implementation
Overview
Real-world usage
Identified libraries
Weak authentication
Strong authentications
Common mistakes
Case study: KingRoot
Mitigations (cont'd)
Summary
Demos
Taught by
ACM CCS
Related Courses
Peeling the Onion's User Experience Layer - Examining Naturalistic Use of the Tor BrowserAssociation for Computing Machinery (ACM) via YouTube DeepCorr - Strong Flow Correlation Attacks on Tor Using Deep Learning
Association for Computing Machinery (ACM) via YouTube SandScout - Automatic Detection of Flaws in iOS Sandbox Profiles
Association for Computing Machinery (ACM) via YouTube Game of Decoys - Optimal Decoy Routing Through Game Theory
Association for Computing Machinery (ACM) via YouTube PREDATOR - Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Association for Computing Machinery (ACM) via YouTube