[A2]android security의 과거와 미래 – from linux to jelly bean

Download [A2]android security의 과거와 미래 – from linux to jelly bean

Post on 27-May-2015

1.568 views

Category:

Technology

0 download

Embed Size (px)

TRANSCRIPT

<ul><li> 1. About</li></ul> <p> 2. Me 3. 2000 4. ATT 5. Wireless: 6. OODB/CORBA 7. 2001Cellvic(JTEL): 8. CellvicOS/JVM 9. 2003 10. Samsung: 11. JVM 12. for 13. DTV/SimpleJIT 14. 2007 15. Aromasoft: 16. JVM 17. for 18. Mobile/JIT 19. Optimization/Dalvik 20. 2011 21. GE 22. korea: 23. Smart 24. appliance/Linux 25. 2012 26. SK: 27. Android/T-Store 28. ARM/Security 29. jungpil.@sk.com 30. 31. lifeisliving@naver.com 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. (?) 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. Dalvik 56. VM 57. 58. 59. 60. Dalvik 61. VM 62. 63. 64. VM 65. 66. 67. 5 68. , 69. 70. 130 71. 72. ? 73. A 74. Java 75. platform? 76. 77. 78. 79. 80. 81. ? 82. RIM? 83. NDK? 84. A 85. forked 86. Linux? 87. Why 88. linux? 89. Andy 90. Rubin: 91. was 92. a 93. Apple 94. Employee 95. 96. ? 97. 98. 99. 100. 101. linux 102. device? 103. 104. Linux: 105. Open 106. Source 107. mkdir 108. android 109. ; 110. cd 111. android 112. ; 113. repo 114. init 115. -u 116. git://android.git.kernel.org/platform/manifest.git 117. ; 118. repo 119. sync 120. ; 121. make 122. Java: 123. easy 124. to 125. learn, 126. many 127. developers 128. but 129. an 130. easy 131. language 132. for 133. reverse-enigneering 134. dex2jar, 135. APKTool, 136. JD-GUI, 137. APKInspector, 138. Smali, 139. Dedexer,,, 140. 141. !!! 142. 143. Just 144. a 145. linux 146. application 147. following 148. Google 149. guides 150. 151. Linux 152. Process 153. Dalvik 154. VM 155. Bionic 156. JNI 157. Is 158. that 159. all??? 160. Missing 161. something 162. PackageManager, 163. ActivityManager,,, 164. 165. Java? 166. No 167. more 168. on 169. Android!!! 170. Dalvik 171. VM 172. is 173. not 174. a 175. security 176. boundary!!! 177. But 178. Linux 179. Process 180. 181. Linux 182. UID/Group 183. ID: 184. 185. a 186. unique 187. id 188. based 189. on 190. its 191. signature 192. assigned 193. when 194. it 195. starts 196. Linux 197. DAC: 198. all 199. or 200. nothing 201. old 202. style 203. root 204. can 205. do 206. everything 207. RWX 208. 209. Permission 210. Need 211. to 212. be 213. described 214. on 215. AndroidMeanifest.xml 216. Binder 217. Kernel 218. Enforcement 219. group 220. ID 221. permission name=android.permission.INTERNET 222. 223. group gid=inet / /permission 224. Patch 225. Internet 226. 227. You 228. can 229. do 230. everything 231. in 232. your 233. process 234. You 235. can 236. use 237. Reflection/JNI 238. To 239. call 240. hidden/private 241. methods 242. To 243. get/set 244. private 245. fields 246. But 247. High 248. return, 249. High 250. risk!!! 251. ex) 252. Unity3D: 253. Using 254. Mono 255. VM 256. 257. Distribution 258. (SeVersion 259. Release 260. date 261. API 262. level 263. ptember 264. 4, 265. 2012) 266. 4.1.x 267. Jelly 268. Bean 269. July 270. 9, 271. 2012 272. 16 273. 1.2% 274. 4.0.x 275. Ice 276. Cream 277. Sandwich 278. October 279. 19, 280. 2011 281. 14-15 282. 20.9% 283. 3.x.x 284. Honeycomb 285. February 286. 22, 287. 2011 288. 11-13 289. 2.1% 290. 2.3.x 291. Gingerbread 292. December 293. 6, 294. 2010 295. 9-10 296. 57.5% 297. 2.2 298. Froyo 299. May 300. 20, 301. 2010 302. 8 303. 14% 304. 2.0, 305. 2.1 306. Eclair 307. October 308. 26, 309. 2009 310. 7 311. 3.7% 312. 1.6 313. Donut 314. September 315. 15, 316. 2009 317. 4 318. 0.4% 319. 1.5 320. Cupcake 321. April 322. 30, 323. 2009 324. 3 325. 0.2% 326. 327. NX 328. bit(No 329. eXecute): 330. 331. to 332. prevent 333. code 334. execution 335. on 336. heap 337. and 338. stack(2.3+) 339. Prelink: 340. Used 341. to 342. speed 343. up 344. boot 345. process 346. removed 347. to 348. prevent 349. return-to-libc 350. attacks(4.0+) 351. Address 352. Space 353. Layout 354. Randomization(4.0+) 355. randomize 356. key 357. locations 358. in 359. memory 360. PIE 361. (Position 362. Independent 363. Executable) 364. 365. supports 366. (4.1+) 367. 368. FileSystem 369. Encryption 370. 3.0+ 371. provides 372. full 373. filesystem 374. encryption. 375. 128bit 376. AES 377. key 378. derived 379. from 380. user 381. password 382. Credential 383. Storage 384. 385. 1.6+ 386. restricted 387. for 388. only 389. system 390. 4.0+ 391. provides 392. public 393. API 394. 395. 1st. 396. Protected 397. APK 398. /data/app: 399. apk 400. without 401. code 402. /data/app-private: 403. protected 404. by 405. filesystem 406. 2nd. 407. License 408. Verification 409. Library(LVL) 410. Google: 411. 2010/7 412. Amazon: 413. DRM, 414. T-Store:ARM 415. 3rd. 416. Encrypted 417. APK 418. Jelly 419. Bean 420. Temporary 421. Closed 422. but 423. 424. 425. ODEX 426. File: 427. optimized 428. dex 429. file 430. dex 431. file 432. Dalvik 433. Virtual 434. Machiodex 435. file 436. ne 437. Storage 438. (JIT 439. Compiler) 440. (reuse) 441. decompile 442. 443. hijacking 444. 4.0+ 445. provides 446. a 447. raw 448. dex 449. loading 450. API 451. 452. Without 453. ODEX!!! 454. 455. Applying 456. SELinux 457. in 458. Android 459. by 460. NSA 461. Linux 462. Security 463. Modules 464. Standard 465. Linux 466. Security 467. (Hooking) 468. Framework 469. from 470. v2.6 471. task 472. management 473. (creation, 474. signaling, 475. waiting), 476. program 477. loading 478. (execve), 479. file 480. system 481. management 482. (superblo ck, 483. inode, 484. and 485. filehooks), 486. IPC 487. (message 488. queues, 489. shared 490. memory, 491. and 492. semaphore 493. operations), 494. module 495. hooks 496. (i nsertion 497. and 498. removal), 499. and 500. network 501. hooks 502. (covering 503. sockets, 504. netlink, 505. network 506. devices, 507. and 508. other 509. protocol 510. inte rfaces) 511. 512. security.h 513. 514. 2012/1 515. AOSP 516. master 517. branch 518. added(HAVE_SELINUX) 519. in 520. external/libselinux 521. and 522. external/sepolicy 523. in 524. core/java 525. and 526. core/jni 527. SELinux.java, 528. AndroidRuntime.cpp, 529. android_os_SELinux.cpp 530. Slow 531. and 532. incremental 533. applying 534. expected 535. not 536. enforcing 537. mode 538. but 539. permissive 540. mode 541. Android 542. 5.0? 543. Need 544. to 545. consider 546. it! 547. 548. ARMs 549. HW 550. solution 551. Virtualized 552. processors 553. on 554. a 555. ARM 556. chip 557. Secure 558. World 559. can 560. read 561. Normal 562. World 563. But 564. Normal 565. World 566. cant 567. read 568. Secure 569. World 570. Already 571. on 572. Galaxy 573. S3!!! 574. 575. Use 576. Obfuscator 577. Use 578. Native 579. Code 580. Keep 581. data 582. on 583. your 584. server 585. Sorry, 586. Find 587. your 588. own 589. solutions! 590. 2011 591. Google 592. I/O 593. Evading 594. Pirates 595. and 596. Stopping 597. Vampires 598. using 599. License 600. Ve rification 601. Library, 602. In-App 603. Billing, 604. and 605. App 606. Engine 607. 2012.4 608. Code 609. Obfuscation 610. for 611. the 612. Amazon 613. In-App 614. 615. 616. Even 617. Android 618. has 619. many 620. security 621. problems, 622. it 623. is 624. an 625. ope n, 626. de-facto 627. platform 628. now 629. Its 630. getting 631. better 632. but 633. you 634. need 635. to 636. keep 637. your 638. data/cod e 639. by 640. your 641. own 642. ways 643. Its 644. openness 645. and 646. flexibility 647. could 648. give 649. some 650. chances 651. to 652. creative 653. developers 654. T-Store 655. promises 656. to 657. help 658. you 659. soon! 660. </p>