ai_root_shield 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0d354e66eecc271bd43c8ac6625c186a3aa38789ac19abbe5eabc0bf4fc1641
-  data.tar.gz: f2ce01ca5f411532737549e534db15dd1be0f942c3ef3427e1685a4fe7c964da
+  metadata.gz: 7ab00a90d8cb8fbc0cb67c95ef7bc24b29b6cc9c77049be87d228b4dbdb6f4e8
+  data.tar.gz: c4be63597e34946070cea7ffd0d9d978cc3049923e5d4b86aca02fc2151f23df
 SHA512:
-  metadata.gz: 05e5cfacfef14284c46aa5dbc7ae33ae5a1f70a5262c6341de8b22e968feb71c4e2f91385672d3032ea02e47ab1d21d504dfe4c0a3bb2134b9807aaea7647554
-  data.tar.gz: 0cc0cd97dab91107681bbbe04951f8c966a23de3e35965e8ed0d50afba5212133c2ef41b569560000c73b2b9ee22b869d22994ed73ca57749e1345c09a36e89d
+  metadata.gz: b22228772e76a7d77b02a42c1a448c5aa694cdf2c90fe193d489d71264fb2e9946090a72d49fe4c98a7670b65d56e3f6e872242ee950c4599effd52226801a65
+  data.tar.gz: 0e2e77706e50afb391d0fcf5c40ea2c541033392b279edb7a4fdd42087736724084cac47c9f046a39d908920dfd117811075428c057484864b13c4efa8e6bc4c

data/CHANGELOG.md

@@ -12,6 +12,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Real-time threat monitoring capabilities
 - Custom rule engine for security policies
 
+## [0.4.0] - 2024-12-XX
+
+### Added
+- **Advanced Network Security** capabilities
+- Certificate pinning helper with TLS public key pinning integration
+- Advanced proxy detection (VPN, Tor, custom DNS, MITM appliance detection)
+- Enterprise policy management with JSON-based customizable security rules
+- Policy compliance validation and violation reporting
+- Network security analysis integration
+- Support for banking, enterprise, and development policy templates
+- CLI support for network security features (`--enable-cert-pinning`, `--enable-proxy-detection`, `--policy`)
+
+### Enhanced
+- Comprehensive security status reporting across all components
+- Enhanced CLI with network analysis options (`--target-ip`, `--target-url`)
+- Policy-driven risk assessment and compliance checking
+- Real-time network threat detection and reporting
+
+### Technical
+- Certificate chain validation and pin extraction
+- Multi-layered proxy detection (Tor exit nodes, VPN services, MITM appliances)
+- JSON policy definition with inheritance and merging
+- Audit logging and compliance reporting
+- Network analysis integration with existing risk calculation
+
 ## [0.3.0] - 2024-01-03
 
 ### Added

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ai_root_shield (0.3.0)
+    ai_root_shield (0.4.0)
       digest (~> 3.1)
       json (~> 2.6)
       numo-narray (~> 0.9)

data/README.md

@@ -4,28 +4,46 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Ruby](https://img.shields.io/badge/ruby-%23CC342D.svg?style=flat&logo=ruby&logoColor=white)](https://www.ruby-lang.org/)
 [![Security](https://img.shields.io/badge/security-first-green.svg)](https://github.com/ahmetxhero/ai-root-shield)
+[![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20A%20Coffee-support%20my%20work-FFDD00?style=flat&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/ahmetxhero)
 
 > **Created by [Ahmet KAHRAMAN](https://ahmetxhero.web.app)** - Mobile Developer & Cyber Security Expert  
 > *"Security first, innovation always"* 🛡️
 
-An AI-powered Ruby library that performs comprehensive on-device compromise detection for mobile applications without requiring a backend. Protects against root/jailbreak, emulators, hooking frameworks, and provides behavioral risk analysis.
+An enterprise-grade AI-powered Ruby library that performs comprehensive cross-platform mobile security analysis. Features advanced platform-specific detection, hardware security validation, CI/CD integration, and enterprise SIEM connectivity - all without requiring a backend.
 
 ## Features
 
+### 🔒 Core Security Detection
 - **Root & Jailbreak Detection**: Comprehensive detection of rooted Android devices and jailbroken iOS devices
 - **Emulator/Simulator Detection**: Identifies virtual devices, emulators, and simulators
 - **Hooking Framework Detection**: Detects Frida, Xposed, Substrate, and other instrumentation tools
 - **Application Integrity Checks**: Validates app signatures and detects repackaging/tampering
 - **Network Security Analysis**: Identifies TLS issues, custom CAs, and MITM tools
-- **🆕 RASP Protection**: Runtime Application Self-Protection with real-time threat blocking
-- **🆕 Anti-Debug Mechanisms**: Ptrace, GDB, LLDB detection and blocking
-- **🆕 Anti-Tamper Protection**: Code integrity and memory patch detection
-- **🆕 Dynamic Memory Protection**: Frida injection hook mitigation
-- **🆕 Runtime Integrity Monitor**: Critical function hash validation
+
+### 🆕 v0.5.0 Platform-Specific Security Modules
+- **Android SafetyNet & Play Integrity API**: Native Google security API integration
+- **iOS Advanced Jailbreak Detection**: DYLD injection, sandbox escape, code signing validation
+- **Hardware Security Analysis**: TEE/SE validation, biometric consistency checks
+- **Cross-Platform Unified Reporting**: Standardized security reports across platforms
+
+### 🛠️ Developer Tools & CI/CD Integration
+- **CI/CD Security Testing Module**: Automated security tests for GitHub Actions, GitLab CI, Jenkins
+- **Web Dashboard**: Optional GUI for log analysis and risk visualization
+- **Risk Score Visualization**: Interactive charts, timelines, and heatmaps
+- **SIEM/SOC Integrations**: Splunk, Elastic Stack, QRadar, Sentinel, Sumo Logic, Datadog
+
+### 🔐 Advanced Security Features
+- **Certificate Pinning Helper**: TLS public key pinning with common CA support
+- **Advanced Proxy Detection**: VPN, Tor, custom DNS, and MITM appliance detection
+- **Enterprise Policy Management**: JSON-based customizable security rules and compliance
+- **RASP Protection**: Runtime Application Self-Protection with real-time threat blocking
 - **AI Behavioral Analysis**: ONNX-powered behavioral pattern analysis with anomaly detection
-- **ML-Based Emulator Detection**: Advanced machine learning techniques for emulator identification
-- **AI Confidence Scoring**: Confidence metrics integrated into risk assessment
+- **Hardware Attestation**: Android Key Attestation and iOS Device Check integration
+
+### 📊 Enterprise Features
+- **Compliance Frameworks**: OWASP MASVS, NIST, ISO 27001, PCI DSS, GDPR support
 - **Risk Scoring System**: Comprehensive risk assessment with weighted factors (0-100 scale)
+- **Threat Intelligence**: IoC extraction and attack vector identification
 - **CLI Tool**: Command-line interface with multiple output formats
 - **Privacy-First**: Completely offline, no data collection or external dependencies
 
@@ -63,6 +81,50 @@ puts result[:risk_score]  # => 87
 puts result[:factors]     # => ["ROOT_SU_FOUND", "FRIDA_GADGET", "TLS_UNPINNED"]
 ```
 
+### v0.5.0 Platform-Specific Analysis
+
+```ruby
+require "ai_root_shield"
+
+# Load device logs
+device_logs = JSON.parse(File.read("device_logs/android_device.json"))
+
+# Android-specific security analysis
+android_results = AiRootShield.analyze_android_security(device_logs, {
+  api_key: "your_safetynet_api_key",
+  package_name: "com.yourapp.package"
+})
+
+puts "SafetyNet Basic Integrity: #{android_results[:safetynet][:basic_integrity]}"
+puts "Play Integrity Verdict: #{android_results[:play_integrity][:device_verdict]}"
+puts "Hardware TEE Available: #{android_results[:hardware_security][:tee_available]}"
+
+# iOS-specific security analysis
+ios_logs = JSON.parse(File.read("device_logs/ios_device.json"))
+ios_results = AiRootShield.analyze_ios_security(ios_logs)
+
+puts "Jailbreak Detected: #{ios_results[:jailbreak_detection][:file_system_check][:detected]}"
+puts "Code Signing Valid: #{ios_results[:code_signing][:main_bundle_signed]}"
+puts "Secure Enclave Available: #{ios_results[:hardware_security][:secure_enclave_available]}"
+
+# Hardware security analysis
+hardware_analysis = AiRootShield.analyze_hardware_security(device_logs, 'android')
+puts "Hardware Security Score: #{hardware_analysis[:security_score]}"
+
+# Generate unified cross-platform report
+unified_report = AiRootShield.generate_unified_report(
+  android_results: android_results,
+  ios_results: ios_results,
+  metadata: {
+    app_name: "MySecureApp",
+    app_version: "1.0.0",
+    organization: "MyCompany"
+  }
+)
+
+puts "Overall Risk Level: #{unified_report[:unified_risk_assessment][:risk_level]}"
+```
+
 ### Advanced Configuration
 
 ```ruby
@@ -89,6 +151,76 @@ actions = AiRootShield::RiskCalculator.recommended_actions(result[:factors])
 actions.each { |action| puts "→ #{action}" }
 ```
 
+### CI/CD Integration (New in v0.5.0)
+
+```ruby
+# Run security tests in CI/CD pipeline
+test_results = AiRootShield.run_ci_cd_tests("device_logs/sample.json", {
+  fail_on_high_risk: true,
+  risk_threshold: 70,
+  report_format: 'json',
+  artifacts_path: './security_artifacts'
+})
+
+puts "Pipeline Result: #{test_results[:pipeline_result][:result]}"
+
+# Generate CI/CD configuration
+github_config = AiRootShield.generate_ci_config('github_actions')
+File.write('.github/workflows/security.yml', github_config)
+
+gitlab_config = AiRootShield.generate_ci_config('gitlab_ci')
+File.write('.gitlab-ci.yml', gitlab_config)
+```
+
+### SIEM Integration (New in v0.5.0)
+
+```ruby
+# Configure SIEM connector
+AiRootShield.configure_siem(:splunk, {
+  api_endpoint: 'https://your-splunk-instance.com:8088',
+  api_key: 'your-hec-token',
+  index: 'mobile_security'
+})
+
+# Send security events to SIEM
+analysis_results = AiRootShield.analyze_android_security(device_logs)
+AiRootShield.send_to_siem(analysis_results, {
+  device_id: 'device-123',
+  user_id: 'user-456',
+  app_version: '1.0.0'
+})
+
+# Configure multiple SIEM platforms
+elastic_connector = AiRootShield.configure_siem(:elastic, {
+  api_endpoint: 'https://your-elastic-cluster.com',
+  api_key: 'your-api-key',
+  index: 'ai-root-shield-events'
+})
+
+datadog_connector = AiRootShield.configure_siem(:datadog, {
+  api_endpoint: 'https://api.datadoghq.com',
+  api_key: 'your-datadog-api-key'
+})
+```
+
+### Web Dashboard (New in v0.5.0)
+
+```ruby
+# Start the web dashboard
+AiRootShield.start_dashboard({
+  port: 4567,
+  bind: '0.0.0.0'
+})
+
+# Dashboard will be available at http://localhost:4567
+# Features:
+# - Real-time security analysis
+# - Risk score visualization
+# - Interactive charts and heatmaps
+# - Historical trend analysis
+# - Compliance reporting
+```
+
 ### CLI Usage
 
 The gem includes a command-line interface:
@@ -97,6 +229,23 @@ The gem includes a command-line interface:
 # Basic scan
 $ ai_root_shield device_logs/sample.json
 
+# Platform-specific analysis
+$ ai_root_shield --platform android --safetynet-api-key YOUR_KEY device_logs/android.json
+$ ai_root_shield --platform ios --enable-jailbreak-detection device_logs/ios.json
+
+# CI/CD mode with artifacts
+$ ai_root_shield --ci-mode --format json --artifacts-path ./reports device_logs/sample.json
+
+# SIEM integration
+$ ai_root_shield --siem splunk --siem-endpoint https://splunk.com:8088 --siem-token TOKEN device_logs/sample.json
+
+# Web dashboard
+$ ai_root_shield --start-dashboard --port 8080
+
+# Generate CI/CD configs
+$ ai_root_shield --generate-ci-config github-actions > .github/workflows/security.yml
+$ ai_root_shield --generate-ci-config gitlab-ci > .gitlab-ci.yml
+
 # With options
 $ ai_root_shield --format text --threshold 60 device_logs/sample.json
 
@@ -132,7 +281,54 @@ puts "AI Confidence: #{result[:ai_confidence]}"
 puts "ML Emulator Score: #{result[:ml_emulator_score]}"
 ```
 
-## RASP Protection (New in v0.3.0)
+## Advanced Network Security & Policy Management (New in v0.4.0)
+
+Enterprise-grade network security and policy management capabilities:
+
+### Features
+- **Certificate Pinning Helper**: Easy TLS public key pinning integration with common CA support
+- **Advanced Proxy Detection**: Comprehensive detection of VPN, Tor, custom DNS, and MITM appliances
+- **Enterprise Policy Management**: JSON-based customizable security rules and compliance validation
+- **Policy Templates**: Pre-built policies for banking, enterprise, and development environments
+- **Compliance Reporting**: Detailed violation tracking and audit logging
+- **Network Analysis Integration**: Real-time network threat detection and assessment
+
+### Usage
+
+```ruby
+# Configure enterprise policy
+AiRootShield.configure_policy('examples/policies/banking_policy.json')
+
+# Set up certificate pinning
+pinning = AiRootShield.configure_certificate_pinning
+pinning.add_pin('api.mybank.com', ['sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg='])
+
+# Configure proxy detection
+AiRootShield.configure_proxy_detection
+
+# Scan with network analysis
+result = AiRootShield.scan_device_with_config('device_logs.json', {
+  enable_network_analysis: true,
+  target_ip: '192.168.1.100',
+  target_url: 'https://api.mybank.com'
+})
+
+puts "Compliance Status: #{result[:compliance][:compliant] ? 'COMPLIANT' : 'NON-COMPLIANT'}"
+puts "Network Analysis: #{result[:network_analysis]}"
+```
+
+### CLI Usage
+
+```bash
+# Scan with enterprise policy and network security
+$ ai_root_shield --policy examples/policies/banking_policy.json \
+                 --enable-cert-pinning \
+                 --enable-proxy-detection \
+                 --target-url https://api.mybank.com \
+                 --verbose device_logs.json
+```
+
+## RASP Protection (v0.3.0)
 
 Runtime Application Self-Protection provides real-time threat detection and blocking:
 
@@ -313,9 +509,11 @@ See the `examples/device_logs/` directory for complete examples.
 
 - **v0.1** ✅ Static root/jailbreak checks
 - **v0.2** ✅ Emulator/simulator detection + TLS pinning helper
-- **v0.3** 🔄 AI behavioral model (ONNX inference)
-- **v0.4** 📋 Enhanced hooking/instrumentation detection
-- **v1.0** 🎯 Full compromise detection with comprehensive risk scoring
+- **v0.3** ✅ AI behavioral model (ONNX inference) + RASP protection
+- **v0.4** ✅ Advanced network security + enterprise policy management
+- **v0.5** ✅ Platform-specific modules + CI/CD integration + SIEM connectivity
+- **v0.6** 🔄 Real-time threat feeds + ML model updates
+- **v1.0** 🎯 Enterprise security orchestration platform
 
 ## 🤝 Contributing
 

data/examples/policies/banking_policy.json

@@ -0,0 +1,79 @@
+{
+  "version": "1.0",
+  "name": "Banking Security Policy",
+  "description": "High-security policy for banking and financial applications",
+  "minimum_security_level": 95,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": false,
+      "allow_jailbroken_devices": false,
+      "allow_emulators": false,
+      "require_screen_lock": true,
+      "minimum_os_version": {
+        "android": "10.0",
+        "ios": "14.0"
+      },
+      "require_biometric_authentication": true,
+      "require_device_encryption": true
+    },
+    "network_security": {
+      "allow_vpn": false,
+      "allow_proxy": false,
+      "allow_tor": false,
+      "require_certificate_pinning": true,
+      "allowed_dns_servers": [
+        "8.8.8.8",
+        "1.1.1.1"
+      ],
+      "blocked_dns_servers": [],
+      "require_tls_1_3_minimum": true,
+      "block_self_signed_certificates": true,
+      "require_hsts": true
+    },
+    "application_integrity": {
+      "allow_debug_builds": false,
+      "allow_repackaged_apps": false,
+      "require_code_signing": true,
+      "allowed_certificate_issuers": [
+        "Bank Certificate Authority"
+      ],
+      "require_app_store_installation": true,
+      "block_sideloaded_apps": true,
+      "require_integrity_verification": true
+    },
+    "runtime_protection": {
+      "enable_rasp": true,
+      "allow_debugging": false,
+      "allow_hooking_frameworks": false,
+      "enable_tamper_detection": true,
+      "enable_anti_debug": true,
+      "enable_memory_protection": true,
+      "protection_interval": 500,
+      "enable_screenshot_protection": true
+    }
+  },
+  "risk_thresholds": {
+    "low": 5,
+    "medium": 15,
+    "high": 30,
+    "critical": 50
+  },
+  "actions": {
+    "on_policy_violation": "immediate_block",
+    "on_high_risk": "immediate_block",
+    "on_critical_risk": "immediate_block",
+    "custom_actions": {
+      "any_security_threat": "immediate_block_and_alert"
+    }
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "info",
+    "retention_days": 365,
+    "enable_real_time_alerts": true,
+    "alert_endpoints": [
+      "https://security.bank.com/critical-alerts",
+      "https://soc.bank.com/mobile-threats"
+    ]
+  }
+}

data/examples/policies/development_policy.json

@@ -0,0 +1,64 @@
+{
+  "version": "1.0",
+  "name": "Development Environment Policy",
+  "description": "Relaxed policy for development and testing environments",
+  "minimum_security_level": 40,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": true,
+      "allow_jailbroken_devices": true,
+      "allow_emulators": true,
+      "require_screen_lock": false,
+      "minimum_os_version": {
+        "android": "7.0",
+        "ios": "11.0"
+      }
+    },
+    "network_security": {
+      "allow_vpn": true,
+      "allow_proxy": true,
+      "allow_tor": false,
+      "require_certificate_pinning": false,
+      "allowed_dns_servers": [],
+      "blocked_dns_servers": [],
+      "require_tls_1_2_minimum": false,
+      "block_self_signed_certificates": false
+    },
+    "application_integrity": {
+      "allow_debug_builds": true,
+      "allow_repackaged_apps": true,
+      "require_code_signing": false,
+      "allowed_certificate_issuers": [],
+      "require_app_store_installation": false,
+      "block_sideloaded_apps": false
+    },
+    "runtime_protection": {
+      "enable_rasp": false,
+      "allow_debugging": true,
+      "allow_hooking_frameworks": true,
+      "enable_tamper_detection": false,
+      "enable_anti_debug": false,
+      "enable_memory_protection": false,
+      "protection_interval": 5000
+    }
+  },
+  "risk_thresholds": {
+    "low": 30,
+    "medium": 60,
+    "high": 80,
+    "critical": 95
+  },
+  "actions": {
+    "on_policy_violation": "log_only",
+    "on_high_risk": "log_only",
+    "on_critical_risk": "alert",
+    "custom_actions": {}
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "debug",
+    "retention_days": 30,
+    "enable_real_time_alerts": false,
+    "alert_endpoints": []
+  }
+}

data/examples/policies/enterprise_policy.json

@@ -0,0 +1,89 @@
+{
+  "version": "1.0",
+  "name": "Enterprise Security Policy",
+  "description": "Comprehensive enterprise security policy for mobile applications",
+  "minimum_security_level": 80,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": false,
+      "allow_jailbroken_devices": false,
+      "allow_emulators": false,
+      "require_screen_lock": true,
+      "minimum_os_version": {
+        "android": "9.0",
+        "ios": "13.0"
+      },
+      "allowed_device_models": [],
+      "blocked_device_models": []
+    },
+    "network_security": {
+      "allow_vpn": false,
+      "allow_proxy": false,
+      "allow_tor": false,
+      "require_certificate_pinning": true,
+      "allowed_dns_servers": [
+        "8.8.8.8",
+        "8.8.4.4",
+        "1.1.1.1",
+        "1.0.0.1"
+      ],
+      "blocked_dns_servers": [
+        "94.140.14.14",
+        "76.76.19.19"
+      ],
+      "require_tls_1_2_minimum": true,
+      "block_self_signed_certificates": true
+    },
+    "application_integrity": {
+      "allow_debug_builds": false,
+      "allow_repackaged_apps": false,
+      "require_code_signing": true,
+      "allowed_certificate_issuers": [
+        "Apple Inc.",
+        "Google Inc.",
+        "Enterprise CA"
+      ],
+      "require_app_store_installation": true,
+      "block_sideloaded_apps": true
+    },
+    "runtime_protection": {
+      "enable_rasp": true,
+      "allow_debugging": false,
+      "allow_hooking_frameworks": false,
+      "enable_tamper_detection": true,
+      "enable_anti_debug": true,
+      "enable_memory_protection": true,
+      "protection_interval": 1000
+    }
+  },
+  "risk_thresholds": {
+    "low": 15,
+    "medium": 35,
+    "high": 60,
+    "critical": 80
+  },
+  "actions": {
+    "on_policy_violation": "block",
+    "on_high_risk": "alert_and_log",
+    "on_critical_risk": "block_and_alert",
+    "custom_actions": {
+      "device_rooted": "immediate_block",
+      "tor_detected": "immediate_block",
+      "debugging_detected": "immediate_block"
+    }
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "warning",
+    "retention_days": 180,
+    "enable_real_time_alerts": true,
+    "alert_endpoints": [
+      "https://security.company.com/alerts"
+    ]
+  },
+  "exemptions": {
+    "test_devices": [],
+    "development_environments": [],
+    "emergency_override_codes": []
+  }
+}