History of Android Security – from linux to jelly bean

Download History of Android Security – from linux to jelly bean

Post on 22-Nov-2014




2 download

Embed Size (px)


Presentation for NHN Deview 2012 http://deview.kr/2012/xe/index.php?document_srl=442&dummy=1&mid=track


<ul><li> 1. About Me2000 AT&amp;T Wireless: OODB/CORBA2001Cellvic(JTEL): CellvicOS/JVM2003 Samsung: JVM for DTV/SimpleJIT2007 Aromasoft: JVM for Mobile/JIT Optimization/Dalvik2011 GE korea: Smart appliance/Linux2012 SK: Android/T-Store ARM/Security jungpil.@sk.com lifeisliving@naver.com </li> <li> 2. (?) Dalvik VM Dalvik VM VM </li> <li> 3. 5 , 130 ? A Java platform? ? RIM? NDK? A forked Linux? Why linux? Andy Rubin: was a Apple Employee ? linux device? </li> <li> 4. Linux: Open Source mkdir android ; cd android ; repo init -u git://android.git.kernel.org/platform/manifest.git ; repo sync ; make Java: easy to learn, many developers but an easy language for reverse-enigneering dex2jar, APKTool, JD-GUI, APKInspector, Smali, Dedexer,,, !!! </li> <li> 5. Just a linux application following Google guides </li> <li> 6. Linux Process Dalvik VM Bionic JNI Is that all??? Missing something PackageManager, ActivityManager,,, </li> <li> 7. Java? No more on Android!!! Dalvik VM is not a security boundary!!! But Linux Process </li> <li> 8. Linux UID/Group ID: a unique id based on its signature assigned when it starts Linux DAC: all or nothing old style root can do everything RWX </li> <li> 9. Permission Need to be described on AndroidMeanifest.xml Binder Kernel Enforcement group ID Patch Internet </li> <li> 10. You can do everything in your process You can use Reflection/JNI To call hidden/private methods To get/set private fields But High return, High risk!!! ex) Unity3D: Using Mono VM </li> <li> 11. Distribution (Se API leve Version Release date ptember 4, 201 l 2)4.1.x Jelly Bean July 9, 2012 16 1.2%4.0.x Ice Cream Sandwich October 19, 2011 14-15 20.9%3.x.x Honeycomb February 22, 2011 11-13 2.1%2.3.x Gingerbread December 6, 2010 9-10 57.5%2.2 Froyo May 20, 2010 8 14%2.0, 2.1 Eclair October 26, 2009 7 3.7%1.6 Donut September 15, 2009 4 0.4%1.5 Cupcake April 30, 2009 3 0.2% </li> <li> 12. NX bit(No eXecute): to prevent code execution on heap and stack(2.3+) Prelink: Used to speed up boot process removed to prevent return-to-libc attacks(4.0+) Address Space Layout Randomization(4.0+) randomize key locations in memory PIE (Position Independent Executable) supports (4.1+) </li> <li> 13. FileSystem Encryption 3.0+ provides full filesystem encryption. 128bit AES key derived from user password Credential Storage 1.6+ restricted for only system 4.0+ provides public API </li> <li> 14. 1st. Protected APK /data/app: apk without code /data/app-private: protected by filesystem 2nd. License Verification Library(LVL) Google: 2010/7 Amazon: DRM, T-Store:ARM 3rd. Encrypted APK Jelly Bean Temporary Closed but </li> <li> 15. ODEX File: optimized dex file dex file Dalvik Virtual odex file Machine Storage (JIT Compiler) (reuse) decompile hijacking 4.0+ provides a raw dex loading API Without ODEX!!! </li> <li> 16. Applying SELinux in Android by NSA Linux Security Modules Standard Linux Security (Hooking) Framework from v2.6 task management (creation, signaling, waiting), program loading (execve), file system management (superblock, inode, and filehooks), IPC (message queues, shared memory, and semaphore operations), module hooks (insertion and removal), and network hooks (covering sockets, netlink, network devices, and other protocol interfaces) security.h </li> <li> 17. 2012/1 AOSP master branch added(HAVE_SELINUX) in external/libselinux and external/sepolicy in core/java and core/jni SELinux.java, AndroidRuntime.cpp, android_os_SELinux.cpp Slow and incremental applying expected not enforcing mode but permissive mode Android 5.0? Need to consider it! </li> <li> 18. ARMs HW solution Virtualized processors on a ARM chip Secure World can read Normal World But Normal World cant read Secure World Already on Galaxy S3!!! </li> <li> 19. Use Obfuscator Use Native Code Keep data on your server Sorry, Find your own solutions! 2011 Google I/O Evading Pirates and Stopping Vampires using License Verification Library, In-App Billing, and App Engine 2012.4 Code Obfuscation for the Amazon In-App </li> <li> 20. Even Android has many security problems, it is an open, de-facto platform now Its getting better but you need to keep your data/code by your own ways Its openness and flexibility could give some chances to creative developers T-Store promises to help you soon! </li> </ul>