Security of the Android Operating System - of the Android Operating System Yury Zhauniarovich yury.zhauniarovich@unitn.it ... Android Security Internals

  • View
    212

  • Download
    0

Embed Size (px)

Text of Security of the Android Operating System - of the Android Operating System Yury Zhauniarovich...

  • Security of the Android

    Operating System

    Yury Zhauniarovichyury.zhauniarovich@unitn.it

    http://zhauniarovich.com

    University of Trento

    http://zhauniarovich.com/

  • About://

    M.Sc. in Computer Security from the Belarusian

    State University

    Ph.D. in Information and Communication Technology

    from the University of Trento

    The author of the free book Android Security

    (and Not) Internals [1]

    A reviewer of the book Android Systems

    Development How-to [2]

    A developer of several research prototypes based on

    Android OS (YAASE [3], CRePE [4], MOSES [5])

    Currently, a Postdoctoral Researcher at the University of Trento

    2

  • Outline

    General Bits and Pieces

    Android Architecture

    Android Security Internals

    Security Problems and Solutions

  • What is the codename of the

    following Android version?

    4

  • General Bits and Pieces

    Android Architecture

    Android Security Internals

    Security Problems and Solutions

  • Mobile Operating Systems

    6

  • Why Android?

    Open source system

    On about 85% of all new mobile devices (according to the last IDC report [6])

    A highly customized system (FacebookHome, Kindle Fire, different devices from China, CyanogenMod)

    Running on different platforms (TV, Wearable, Auto)

    Third-party applications can be easily developed

    We can test third-party applications without publishing them in Google Play

    1 million+ applications in Google Play

    7

  • History of Android (2002-2007)

    8

    2002:

    Andy Rubin, CEO of Danger Inc., showed the first phone Sidekick

    at Stanford

    Larry Page and Sergey Brin attended this event and became users

    of this phone

    2003:

    Rubin has left the company because the things did not go well

    In October, Andy Rubin, Rich Miner, Nick Sears, and Chris White

    founded Android Inc. in Palo Alto

    2005:

    In August, Android Inc. is acquired by Google

  • History of Android (2007-2009)

    9

    2007:

    November 5, Open Handset Alliance was announced

    The first product Android

    2008:

    In October, the first phone (HTC Dream) running Android 1.0 was

    presented

    2009:

    In April, Android 1.5 Cupcake was presented

    In September, Android 1.6 Donut appeared

    In October, Android 2.0 Eclair was announced together with a

    new phone Motorola Droid (Milestone)

  • History of Android (2010-2013)

    10

    2010: Google launched Nexus series with HTC Nexus One

    Google announced Android 2.3 Gingerbread, which was the most popular version till 2013, together with Samsung Nexus S

    Android popularity first surpassed Apple iPhones

    2011: Android 3.0 Honeycomb for tabs released with Motorola Xoom

    Android 4.0 Ice Cream Sandwich appeared combining two development branches

    2012: Android 4.1 Jelly Bean, 4.2 Jelly Bean

    2013: Android 4.3 Jelly Bean, 4.4 Kitkat

  • Android Versions

    Astro Boy and Bender were code names for pre-1.0 milestones

    11http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/

    http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.xda-developers.com/android/the-evolution-of-android-part-i/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/http://www.androidpolice.com/2012/09/17/a-history-of-pre-cupcake-android-codenames/

  • Android Version Share

    12

    Data collected during a 7-day period

    ending on August 12, 2014.

    https://developer.android.com/about/dashboards/index.html

    http://www.xda-developers.com/android/the-evolution-of-android-part-i/https://developer.android.com/about/dashboards/index.html

  • What is the codename of

    Android version 1.1?

    13

  • General Bits and Pieces

    Android Architecture

    Android Security Internals

    Security Problems and Solutions

  • Android Stack

    15

  • Linux Kernel

    Linux Kernel is used:

    Memory management

    Process management

    Security module

    Networking

    etc

    Android Enhancements:

    Ashmem

    Power management

    Binder IPC

    Logger

    etc

    16

  • Native Userspace

    Components

    Hardware Abstraction Layer

    Init / Toolbox

    Native Daemons (rild, adbd, vold, etc)

    Native Libraries

    Libraries:

    2D and 3D graphics

    Media codecs

    Font rendering

    SSL

    The core of web browser

    Bionic libc

    17

  • Android Runtime

    Dalvik VM:

    Virtual machine for Android to run applications

    Provides application portability

    Supports multiple instances

    CPU and memory optimized to run on mobile devices

    Core Libraries:

    Data structures

    Utilities

    File access

    Network access

    Graphics

    etc.

    18

  • Application Framework

    System Services:

    Essential services to the Android platform: ActivityManager Service

    PackageManager Service

    PowerManager Service

    etc.

    Hardware access services: Telephony Service

    Location Service

    Bluetooth Service

    etc.

    Framework Libraries:

    Provide API to services: Activity Manager

    Package Manager

    Power Manager

    Location Manager

    Sensor Manager

    Telephony Manager

    etc.

    19

  • Applications

    System apps:

    Supplied with the platform Email application

    SMS application

    Contacts

    Phone

    Browser

    etc.

    Third-party apps:

    Apps produced by third-party developers Evernote

    Facebook

    Dropbox

    Feedly

    Chrome

    etc.20

  • Android Stack

    21

  • General Bits and Pieces

    Android Architecture

    Android Security Internals

    Security Problems and Solutions

  • General Overview

    Linux Kernel:

    Application Sandboxing

    Android Middleware:

    IPC Reference Monitor

    23

  • Android Security Internals

    Linux Kernel Level

    Native Userspace Level

    Application Framework Level

    Application Level

  • Linux DAC

    25

    Subject

    user: user_xgroup: group_g

    Object

    Owner:owner: user_y

    group: group_g

    ACL:owner: rwx (7)

    group: rw- (6)

    others: r-- (4)

    Action:write

    Process

    FileSocket

  • Application Sandboxing

    Each app during installation:

    receives a distinct UID

    receives a distinct primary GID

    may receive membership in additional groups

    UID and primary GID do not change during apps life on a device

    Each app process runs under its own UID

    All app resources are owned by its UID

    AID (Android ID) == UID26

  • System Defined AIDs

    UID range 1000-9999 is reserved

    The values used to control access to:

    some system components (radio, camera, etc.)

    through running system processes with specified identities

    through assigning system components (unix-sockets, files, drivers) certain owners and permissions

    networking capabilities (paranoid networking patches)

    The values used in Android are hardcoded in android_filesystem_config.h

    27

  • System Defined AIDs

    28

    system/core/include/private/android_filesystem_config.h

  • System Component Protection

    29

    Camera

    /dev/cam

    Owner:owner: root (0)

    group: camera (1006)

    ACL:owner: rw- (6)

    group: rw- (6)

    others: --- (0)

  • Paranoid Networking Patches

    Vanilla Linux: by default all processes have access to network