Sul Jung Tizen Validation...
Transcript of Sul Jung Tizen Validation...
![Page 1: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/1.jpg)
Tizen Application Validation
Sul Jung Tizen Validation Team
![Page 2: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/2.jpg)
2
Table of Contents
1. Introduction to Tizen Validation
2. Validation Process
3. Developer Support
4. Frequently Reported Defects
![Page 3: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/3.jpg)
3
1. Introduction of Tizen Validation
![Page 4: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/4.jpg)
4
Purpose
• Enable Successful Business
for Developers
• Provide Qualified
Application for Users
Introduction to Tizen Validation
Tizen Users
Developers
Validation Team
![Page 5: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/5.jpg)
5
Validation Criteria
• Validation team
checks four criteria
for acceptance
in Tizen store
Introduction to Tizen Validation
Submission Information
Functions
Usability Contents To service Healthy Contents
To service Working App without stopping
To offer Enjoyable or Useful apps
To provide Proper Information before app purchase
![Page 6: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/6.jpg)
6
2. Validation Process
![Page 7: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/7.jpg)
7
Tizen Validation Process
Reviewers
Phase 2 Content Review & Final Confirmation
App Submission For Sale
Phase 1 Initial Inspection & Dynamic Analysis
Tizen Validation System
Validation Process: 2 Phases
“WITHIN 3 DAYS”
![Page 8: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/8.jpg)
8
Tizen Validation Process(Phase 1)
5. Report Result
1. Request Test
[Tizen Store System]
3. Run Security Analysis
3. Run Automated Test
[Test Automation System]
2. Call Both Systems
4. Send System Result [Configuration
Mgmt. System]
[Security Analysis System]
Reviewers
Phase 2 Content Review & Final Confirmation
App Submission For Sale
Phase 1 Initial Inspection & Dynamic Analysis
Tizen Validation System
Tizen Validation System : Consists of Three systems – Security Analysis , Test Automation, Configuration Mgmt.
![Page 9: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/9.jpg)
9
Tizen Validation Process(Phase 1)
Reviewers
Phase 2 Content Review & Final Confirmation
App Submission For Sale
Phase 1 Initial Inspection & Dynamic Analysis
Security Analysis System
App submit Security Analyst 3. Update Analysis Tizen Store
Security System : Filters security threats such as Malware, Unauthorized API privilege, Web Attack Patterns
3. Dynamic Analysis
Analyze App Package Analyze Runtime Behavior Confirm Analysis Result Re-evaluate Static Analysis Result
2. Static Analysis
![Page 10: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/10.jpg)
10
Tizen Validation Process(Phase 1)
Reviewers
Phase 2 Content Review & Final Confirmation
App Submission For Sale
Phase 1 Initial Inspection & Dynamic Analysis
Test Automation System
Test Automation System : Tests metadata and application’s basic functions according to test cases
2. App Function Checking
Install, Uninstall, Resolution, Resource, Event Handling, Interrupt Checking
1. Metadata Checking
Forbidden Words, Support Languages
![Page 11: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/11.jpg)
11
Tizen Validation Process(Phase 2)
Final Review : Makes the final decision depending on system result and content review
Reviewers
Phase 2 Content Review & Final Confirmation
App Submission For Sale
Phase 1 Initial Inspection & Dynamic Analysis
Test Automation System
Security Analysis System
Test Automation
System
Configuration Mgmt. System
System Result
Contents Review
Device Test
Age Rating Copyrights Cultural Issues
Application’s Special Features Application Concept
System Result Manual Checking
Reviewers
![Page 12: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/12.jpg)
12
3. Developer Support
![Page 13: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/13.jpg)
13
Developer Support
3 Types of Validation Guidelines : are provided for developers to get ready for successful application validation.
▪ Enable developer to check essential points for app function and validation policy
▪ Enable developer to know mostly detected defects before submission
▪ Enable developer to understand the publishing process
Self-Checklist Top 5 Failures Validation Guide
![Page 14: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/14.jpg)
14
4. Frequently Reported Defects
![Page 15: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/15.jpg)
15
Frequently Reported Defects
Privilege defects : are Detected by security analysis system
1. Unused Privilege Problems : Delete an unused privilege
2. Undefined Privilege Problems : Assign proper privileges in a configuration file
API and Privilege Checker
![Page 16: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/16.jpg)
16
Frequently Reported Defects
Function Defects : are Detected by test automation system
Use RTL!
: Developer can use the Samsung RTL(Remote Test Lab) to test and tune the application before submission
1. Installation Error 2. Execution Error
& = 31% 29%
of all functional defects
Tips
![Page 17: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/17.jpg)
17
Frequently Reported Defects
Contents defects : are checked by Reviewers before confirming the validation
Inappropriate Description
Write a description in accordance with Tizen, NOT other platforms
Not for All Ages
Make a Metadata (App name, description, icon and screenshots, etc) for everyone regardless of age
Copyright Infringement
Make sure your application does not infringe someone else’s copyrights
Sexuality Violence
![Page 18: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/18.jpg)
Tizen Application
Security Analysis System
Seung Won Ko
Jackson Kang
![Page 19: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/19.jpg)
Security Analysis
System
![Page 20: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/20.jpg)
20
Need for Security Solution (1/2)
Seamless
Networking
Most
Private
Device
Application
Market Online Market
* Source: AhnLab Security Emergency Center (ASEC) 2013.12
Mobile
Malware Smishing Banking Fraud
2012.01 2013.12
Rapid Increase
since 2013
5437
1440
1,600,000 (2013. Dec)
Mobile Malware Count
![Page 21: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/21.jpg)
21
Need for Security Solution (2/2)
Play
Tizen
AppStore
Basically laissez-faire,
Post verification method
Hard to manage quality and security,
most malware apps
Bouncer Introduction
Bypass method found,
Manufacture and telecommunication
companies are conceiving security plan
Compare to Google Play
provide Safer app store
Static & Dynamic & Manual
Total security solution
AhnLab
Mobile Security Solution
Maintain Clean store status,
Benefit for developer and user
Maintain safe and attractive Tizen ecosystem
for developer and user,
Contribute platform’s prosperity
New Open source Web platform
With progress
Quality and security needs stabilization
![Page 22: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/22.jpg)
22
Security Solution Overview
Automatic Static Analysis
Report / Statistics
Reputation Database
Pattern Database
Automatic Dynamic Analysis
Reviewer
Tizen App
![Page 23: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/23.jpg)
23
Static Analysis System (1/2)
• Package Binary / Signing
• Resource File / Source Code
• Etc.
Web App
R
u
l
e
Native App
Hybrid App
Static Feature Analyze
![Page 24: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/24.jpg)
24
Static Analysis System (2/2) Hash Check
Sign Check
Privilege Level Check
Undefined Privilege
Check Unused Privilege
Check
Message Use Check
Call Use Check
Network Use Check
Malicious URL Check
Calendar Use Check
Contacts Use Check
Geocoder Use Check
Device Info. Use
Check
Bluetooth Check
NFC Check
VoIP Check
China Checklist
Specified API Check
Specified String
Check
Malware Check Push Message Check
White List Check
Specified URL Check
![Page 25: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/25.jpg)
25
Dynamic Analysis System (1/2)
![Page 26: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/26.jpg)
26
Dynamic Analysis System (2/2)
Main buffer Log
Radio buffer Log
System buffer Log
Call Log
2nd Log (Analyzed) 1st Log (Original)
Analyst
SMS Log
MMS Log
Email Log
Private Info DB
Access Log
File I/O Log
Network I/O
Log
TCP Dump File
Detect malicious
URL connection
Final Report
Payment Induction
Call History Access
Text Message
Access
Network Communication
History
Personal information
Access
File Access History
Email Access
![Page 27: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/27.jpg)
27
Update Analysis System
Dynamic Analysis
Malicious URL Check
Specified URL Check
Malware Check
Specified String
Check
Specified API Check
Platform Version
Check
• To apply the latest verification policy and
solve urgent security issue on pre-registered
app
• Evaluation is not just a single verification test,
but periodical purification effort
![Page 28: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/28.jpg)
28
Dynamic Analysis – Evolution (1/3)
![Page 29: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/29.jpg)
29
Dynamic Analysis – Evolution (2/3)
![Page 30: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/30.jpg)
30
Dynamic Analysis – Evolution (3/3)
• Emulator Introduction
• Dynamic Analysis Automation
- Automated process of app
crawling, installation, execution,
termination
• App execution and log the
behavior for predetermined
time
1st Generation • System performance improvement
- Network packet capture and analysis
- System resource monitoring
- Artificial system event occurrence
- Offer processed summary information
• Limit and Problem
- Lack of movement and interaction to
draw all the functions of the application
2nd Generation • Similar to that of humans - Behavior Induction - Interaction
• Effective Automation - Object targeted Event Generation - Pattern Recognition
• Enhanced Report - Trace Route Recoding - All Screen Capture
• Change of Paradigm - From Passive to Active - Defense to Unknown App
• Platform Independent - Generalizable Model - Web platform, Smart TV platform, Etc.
Next Generation
AS IS TO BE
![Page 31: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/31.jpg)
Demonstration
![Page 32: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/32.jpg)
32
Intelligent Dynamic Analysis
![Page 33: Sul Jung Tizen Validation Teamdownload.tizen.org/misc/media/conference2014/slides/tdc2014-tizen-application...- Lack of movement and interaction to draw all the functions of the application](https://reader035.fdocuments.in/reader035/viewer/2022071116/5ffeb3f7c07ff41d466930d5/html5/thumbnails/33.jpg)