1. Dr. Jens Oberender
SRC Security Research & Consulting GmbH
Smartphone applications –
Common Criteria is going Mobile
ICCC2012 Paris
2. How to CC-evaluate smartphone apps?
Agenda
Specify Security Target
TOE scope
Application specific SFRs
Assurance for Smartphone apps
Insight Summary
Common Criteria is going Mobile 2012 © SRC Security Research & Consulting GmbH Page 2
3. Specify TOE scope
TOE security functions: Data import; Key management; Encrypted storage
TOE Environment: Access control & isolation; Policy enforcement; Mobile device management
4. Security Functional Requirements
Generic Smartphone App
SFR Smartphone App
FDP_RIP.2 Residual Information Protection: Wipe residual data on app hibernation
FDP_SDI.2 Stored Data Integrity: Ensure authentic configuration
FPT_TST TSF Self Test: Detection of jailbreak and background apps
FPT_ITC Inter-TSF trusted channel: Mutual assured identification
FTA_SSL.3 TSF-initiated termination: Inactivity wipes user authentication
FTP_TRP Trusted Path: Key negotiation for secure transport
Audit/log performed by mobile device management
5. Security Assurance Requirements
Smartphone App Fields of Interest
SAR Notes for Smartphone App
AGD_PRE Authentic app market download
Allow for determined set of component interfaces
AGD_OPE Certificate chain validation
ALC Secure rollout and destruction
Crypto provider API versioning
ADV_TDS Control flow, data flow for actions and forms
Signed app ≠ authenticity & trust
Remote wipe by mobile device management
Security Awareness through Smartphone-CERT
6. Security Architecture
Evaluation of ADV_ARC
SAR Notes for Smartphone App
ADV_ARC Secure startup platform settings
Self-protection between hibernate and startup
Non-bypassability configuration authenticity
Set app permissions sparsely
Regulate information flow with permissions
Enforce interaction policy during runtime, e.g. caller version and configuration on IPC
7. Vulnerability Analysis
Test and Penetrate
SAR Notes for Smartphone App
ATE_IND Validation of interface data
Issues with hibernation
AVA Address Space Layout Randomization
Platform key chain mechanism
Entropy in key derivation
Strong base passwords necessary
Appropriate data protection classes
Relevance of Mass Infections (cf. chipcard domain)
Required skills for exploitation phase
Specific efforts & costs of performing attacks
8. Insight Summary
Common Criteria is going Mobile
Common Criteria approach well-suited for evaluation
Identified app-specific requirements
Demand for Smartphone-CERT
Operation policies supplement platform measures
App mass infections prevented by market countermeasures
Achievable! CC-Evaluation
TOE scope limited
High-value targets: strict separation (e.g. HASK-PP from 2008)
Enterprise policy oriented (Mobile Device PP draft)
11. Thank You!
Dr. Jens Oberender
SRC - Security Research & Consulting GmbH
Graurheindorfer Str. 149a
53117 Bonn
Germany
phone +49-228-2806-182 | -0
fax: +49-228-2806-199
E-mail: jens.oberender@src-gmbh.de
WWW: www.src-gmbh.de
www.src-gmbh.de/download.html