Building Smarter Cyber Ranges with Dockerized Android

:::info Authors:

(1) Daniele Capone, SecSI srl, Napoli, Italy (daniele.capone@secsi.io);

(2) Francesco Caturano, Dept. of Electrical Engineering and Information, Technology University of Napoli Federico II, Napoli, Italy (francesco.caturano@unina.i)

(3) Angelo Delicato, SecSI srl, Napoli, Italy (angelo.delicato@secsi.io);

(4) Gaetano Perrone, Dept. of Electrical Engineering and Information Technology, University of Napoli Federico II, Napoli, Italy (gaetano.perrone@unina.it)

(5) Simon Pietro Romano, Dept. of Electrical Engineering and Information Technology, University of Napoli Federico II, Napoli, Italy (spromano@unina.it).

:::

Table of Links

Abstract and I. Introduction

II. Related Work

III. Dockerized Android: Design

IV. Dockerized Android Architecture

V. Evaluation

VI. Conclusion and Future Developments, and References

VI. CONCLUSION AND FUTURE DEVELOPMENTS

In this work, we have described Dockerized Android, a platform that supports cyber-range designers in realizing mobile virtual scenarios. The application is based on Docker, i.e., a container-based virtualization framework extensively adopted in the cyber-range field for several benefits already mentioned. We described the main components and showed how it is possible to realize a complex cyber kill-chain scenario that involves the utilization of Bluetooth components. The architecture has been conceived at the outset as an extensible one. Its feature set can be dynamically enabled or disabled through the docker-compose creator, and some fine-grained options can be configured to customize the scenarios. The strength of this system is its ability to quickly run a mobile component through Docker, with many interesting features out of the box. Furthermore, the centralization of several components increases the overall usability level. The cons are all related to compatibility issues with Windows and OS X when running the Core for Emulator. While the former will probably be solved with the next updates, the latter is not solvable without significant changes to the OS X implementation. Another limitation is the lack of support for emulating some hardware components, e.g., Bluetooth. For these reasons, the Linux environment as a host machine is strongly recommended. We will also assess the potential benefits of using Dockerized Android in cloud-based environments in future works. Other improvements include the full integration of security-based features in the Android Emulator. For example, the GPS location could be useful to simulate a realistic route traveled by a simulated user. In recent works, cyber ranges are configured by using the high-level SDL (Specification and Description Language) representation [8]. Integrating this language in Dockerized Android is relatively easy, as every feature is set through Docker environment variables. Additional efforts will be focused on improving automation features, such as the design of an event-based architecture to simulate complex sequential actions involving human interaction.

REFERENCES

[1] Jan Vykopal et al. “Lessons learned from complex hands-on defence exercises in a cyber range”. In: 2017 IEEE Frontiers in Education Conference (FIE). 2017, pp. 1–8. DOI: 10.1109/FIE.2017.8190713.

\ [2] Adam McNeil and W. Stuart Jones. Mobile Malware is Surging in Europe: A Look at the Biggest Threats. https://www.proofpoint.com/us/blog/email-and-cloudthreats/mobile-malware- surging-europe-look- biggestthreats. Online; 14-May-2022. 2022.

\ [3] René Mayrhofer et al. “The Android Platform Security Model”. In: ACM Transactions on Privacy and Security 24.3 (Aug. 2021), pp. 1–35. DOI: 10 . 1145/ 3448609. URL: https://doi.org/10.1145/3448609.

\ [4] Ryotaro Nakata and Akira Otsuka. “CyExec*: A HighPerformance Container-Based Cyber Range With Scenario Randomization”. In: IEEE Access 9 (2021), pp. 109095–109114. DOI: 10 . 1109 / ACCESS . 2021 . 3101245.

\ [5] Ryotaro Nakata and Akira Otsuka. Evaluation of vulnerability reproducibility in container-based Cyber Range. 2020. DOI: 10.48550/ARXIV.2010.16024. URL: https: //arxiv.org/abs/2010.16024.

\ [6] Francesco Caturano, Gaetano Perrone, and Simon Pietro Romano. “Capturing flags in a dynamically deployed microservices-based heterogeneous environment”. In: 2020 Principles, Systems and Applications of IP Telecommunications (IPTComm). 2020, pp. 1–7. DOI: 10.1109/IPTComm50535.2020.9261519.

\ [7] Muhammad Mudassar Yamin, Basel Katt, and Vasileios Gkioulos. “Cyber ranges and security testbeds: Scenarios, functions, tools and architecture”. In: Computers & Security 88 (Jan. 2020), p. 101636. DOI: 10. 1016/ J. COSE.2019.101636.

\ [8] Enrico Russo, Luca Verderame, and Alessio Merlo. “Enabling Next-Generation Cyber Ranges with Mobile Security Components”. In: IFIP International Conference on Testing Software and Systems. Springer, 2020, pp. 150–165.

\ [9] Giuseppe Trotta Andrea Pierini. From APK to Golden Ticket. https://www.exploit-db.com/docs/english/44032- from- apk-to- golden-ticket.pdf. [Online; accessed 01- March-2021]. 2017.

\ [10] Genymotion. Android as a Service. https : / / www . genymotion.com/. [Online; accessed 1-March-2021].

\ [11] Corellium. ARM Device Virtualization. https : / / corellium.com/. [Online; accessed 10-March-2021].

\ [12] Android Emulator. https : / / developer . android . com / studio/run/emulator. Accessed: 11-01-2021.

\ [13] thyrlian. AndroidSDK. https : / / github . com / thyrlian / AndroidSDK. [Online; accessed 10-March-2021].

\ [14] budtmo. docker-android. https:// github. com/ budtmo/ docker-android. [Online; accessed 10-March-2021].

\ [15] bitrise-io. android. https://github.com/bitrise-io/android. [Online; accessed 10-March-2021].

\ [16] MobSF. Mobile Security Framework. https : / / www . github . com / MobSF / Mobile - Security - Framework - MobSF. [Online; accessed 1-March-2021].

\ [17] Dockerfile best practices. https : / / docs . docker. com / develop / develop - images / dockerfile _ best - practices/. Accessed: 13-02-2021.

\ [18] Flaticon. Free vector icons. https://www.flaticon.com/. [Online; accessed 17-April-2021].

\ [19] Frida. Frida. https://frida.re/. Online; 13-May-2022.

\ [20] Anonymized authors. Dockerized Android github repo. . In order to adhere to the double-blind review principle, the github repo information has been obfuscated and will be made available if and when the paper is accepted.

\ [21] Android-Exploits. https : / / github . com / sundaysec / Android - Exploits / blob / master / remote / 44242 . md. [Online; accessed 19-April-2021].

\ [22] Ben Seri and Gregory Vishnepolsky. BlueBorne - The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks. Tech. rep. Armis, 2017.

\ [23] Armis Security. BlueBorne. https://www.armis.com/ research/blueborne/. Online; 13-May-2022. 2017.

\

:::info This paper is available on arxiv under CC by-SA 4.0 Deed (Attribution-Sahrealike 4.0 International license.

:::

\