Android Security #1. Prabhaker Mateti. A first lecture on Android Security, assuming familiarity with Android Internals.
2 Pwned: Pwn is a leetspeak slang term derived from the verb own, as meaning to appropriate or to conquer to gain ownership. "Your Android device is now pwned by me": a real possibility in 201x. Not because it was stolen. Through malware. Anything you can
3 No 100% Secure Devices Exist: 1. Every OS in use today has 1000s of bugs. 2. No software longer than 1000 SLOC is bug-free. 3. TCP/IP suite designed without security as a goal. 4. State of the Art: Do not know how to develop without security holes. 5. Ability to exploit these holes is increasing.
4 Screen Lock, Enable Screen Lock: Slide; Connect the Dots (Pattern); PIN; Password; Face Unlock; Fingerprint. All exploited already. Security Settings: Apps from Unknown; Device Admins; Verify Apps; Trusted CA; SMS limit per minute. Install a Stolen Device Location App. Kill switch.
5 Labeling People: Hacker: One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. Noobie. Whitehat: Whitehats are the "good" guys. They Attackers. Script kiddies: A script kiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems. Blackhat: Blackhats are the "bad" guys in that they use their
6 Security/Privacy of Android Devices: All the security/privacy issues of Mobile Computing; Linux OS; Specific to the Android Application framework: AndroidManifest.xml, Activity, Service, Provider, We focus on Android
7 Breadth of MobiComp Security Issues: Mobile Computing includes standard TCP/IP networking, Wi-Fi, Access Points, WEP, WPA, Bluetooth, cellular, networking. So all network security is relevant. Additional areas of concern: theft/loss of mobile device and its content; limited computational power; limited storage capacity.
8 Security Philosophy: Prevent vulnerabilities and security breaches. Minimize their impact. Detect vulnerabilities and security breaches when they happen. React swiftly afterwards.
9 Prevent: Prevent before they happen. Design and build better source code. Examined by security experts. Prevent installation of bad apps. Runtime Vigil. Test for known security issues. Buffer Overflow Attacks: ProPolice stack overflow protection; heap protection in dlmalloc. Remote (via Network) attacks. Media codecs.
10 Apps From Unknown Sources: Google Play does check the APK. But dynamic analysis tools do fail: s.com/2014/05/dynamic-analysis-tools-for-android-fail.html Before install, Android checks: Settings > Security > Verify apps. Apps from identifiable sources: code signing, trust. To install apps from other sources, go to Settings > Security, then touch the box next to Unknown sources.
11 Better Design + Build: Android Code Complexity: 5+ million lines of code on top of Linux kernel; uses 100+ libraries; open source, can't rely on obscurity. Code audits. Secure Code Dev Edu. Correct by design? Known to be free of bugs via thorough testing? Can compilers and other build tools be Trojans? Yes. K&R Turing Lecture.
12 Keep Software Up-to-date: Every OS should be responsible for: automatically updating itself; providing a central update system for third-party applications. Auto updaters. Android Over-The-Air update system (OTA): user interaction is optional; no additional computer or cable is required; very high update rate.
13 Minimize the Impact of Security Holes: Traditional OS security: host based; user separation. Same origin policy: webmail cannot access banking app. Mobile OS are for single users. Sandboxed: each app runs as a process owned by its own UID.
14 Detection of Security Holes: Fuzzing: testing via invalid, unexpected, or random data as the inputs (org/wiki/fuzz_testing). Enable everyone to detect. Everyone: users, developers, security researchers. Honeypot: a sting operation. A trap set to detect, deflect, or counteract unauthorized use of systems. (computing)
15 React to Security Incidents: Suppose we discovered a security incident. What to do now? Shut the device down? How long does it take? Meanwhile, collect info. But, how and what? Answers are non- For enterprise situations: osoft.com/en-us/library/ cc aspx /groups/SMA/fasp/documents/incident_response/Incident-Response-Guide.pdf
16 Android Platform Security Architecture: Security at the OS through the Linux kernel. Mandatory application sandbox. Secure IPC (inter-process communication). Application signing. Application-defined and user-granted permissions.
17 Linux Security: Linux is used in millions of security-sensitive environments; constantly being researched, attacked, and fixed by thousands of developers. Linux has become trusted by many. A user-id-based permissions model. Process isolation. Extensible mechanism for secure IPC. The ability to remove unnecessary and potentially insecure parts of the kernel.
18 Android Security Basics: Apps have NO permissions, by default. Permissions list: Manifest.permission. Apps declare the permissions required in source code AndroidManifest.xml, e.g., <uses-permission android:name="android.permission.RECEIVE_SMS" /> Android system prompts the user for consent at the time the application is
19 Code Injection: The virtual memory model of processes in execution consists of: Code pages and segments: assumed not writeable; readable and executable. Text. Stack of variables local to method/proc/func. Heap of objects dynamically allocated. Should a CPU fetch code from Stack
20 Code Injection #2: Code injection was often called Buffer Overflow because of the technique used to inject. Abstract idea: masquerade code as data; transfer control to this data. Other concrete versions: format strings, SQL injection, remote file injection, cross-site scripting.
21 Qs on the State of the Art: Without reading the source code, can we detect that an app contains (malicious) code injection? With reading? Recall the size of software. Can we prevent the execution of such? Can we detect that it happened (after the fact)?
22 Android Security Features: Hardware-based No eXecute (NX) to prevent code execution on the stack and heap. ProPolice canaries to prevent stack buffer overruns. safe-iop: safe integer op lib for C. Extensions to dlmalloc to prevent double free() exploits. Linux mmap_min_addr() to mitigate null pointer dereference privilege
23 Safe Mode: When the device is in Safe Mode, only core Android applications are available; free of third-party software. A user can boot into safe mode: some non-obvious button presses. Android detects a problem and goes into the safe mode.
24 OS protected APIs: Cost-Sensitive APIs: Telephony, SMS/MMS, Network/Data connections, In-App Billing, NFC Access. Personal Information. Sensitive Data Input Devices: Location data (GPS), Camera functions, Microphone, Bluetooth functions.
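An added example, not part of the lecture, connecting the manifest permission declarations of slide 18 to the protected API groups of slide 24: it audits a decoded AndroidManifest.xml for requested permissions, a shared-UID request, and exported components that no permission guards. The sample manifest, the `com.example` names, and the assignment of individual permissions to the slide's groups are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded (text) manifest live in the android: XML namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Group names follow the "OS protected APIs" slide. Which permission belongs
# to which group is an assumption made for this example.
PROTECTED_API_GROUPS = {
    "cost-sensitive": {
        "android.permission.CALL_PHONE", "android.permission.SEND_SMS",
        "android.permission.INTERNET", "android.permission.NFC",
        "com.android.vending.BILLING",
    },
    "personal-information": {
        "android.permission.READ_CONTACTS", "android.permission.READ_CALENDAR",
        "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    },
    "sensitive-input": {
        "android.permission.ACCESS_FINE_LOCATION", "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO", "android.permission.BLUETOOTH",
    },
}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample input, not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:sharedUserId="com.example.shared">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application>
    <activity android:name=".Main" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".Sync" android:exported="true"
        android:permission="com.example.SYNC"/>
    <provider android:name=".Notes" android:authorities="com.example.notes"
        android:exported="false"/>
  </application>
</manifest>
"""

def is_launcher(component):
    return any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for c in component.iter("category"))

def is_exported(component):
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag == "true"
    # Attribute omitted: before Android 12, a component that declares an
    # intent filter was exported by default.
    return component.find("intent-filter") is not None

def is_guarded(component, app_permission):
    if component.get(ANDROID + "permission") or app_permission:
        return True
    # A provider can instead guard reads and writes separately.
    return bool(component.get(ANDROID + "readPermission")
                and component.get(ANDROID + "writePermission"))

def audit_manifest(xml_text):
    # For manifests from untrusted APKs, use a hardened XML parser
    # (for example defusedxml) instead of the standard library one.
    root = ET.fromstring(xml_text)
    names = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    requested = sorted(n for n in names if n)

    protected, classified = {}, set()
    for group, members in PROTECTED_API_GROUPS.items():
        hits = [p for p in requested if p in members]
        if hits:
            protected[group] = hits
            classified.update(hits)

    app = root.find("application")
    app_permission = app.get(ANDROID + "permission") if app is not None else None
    unguarded = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            if (is_exported(comp) and not is_launcher(comp)
                    and not is_guarded(comp, app_permission)):
                unguarded.append((tag, comp.get(ANDROID + "name")))

    return {
        "package": root.get("package"),
        "shared_user_id": root.get(ANDROID + "sharedUserId"),
        "protected": protected,
        "unclassified": [p for p in requested if p not in classified],
        "unguarded_exports": unguarded,
    }

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The manifest inside an APK is stored as binary XML, so this assumes it has already been decoded to text.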
25 Interprocess Communication: Standard IPC: file system, local sockets, or signals. Linux permissions still apply. Binder: RPC mechanism for in-process and cross-process calls, via a custom Linux driver. Services: interfaces directly accessible using binder. Intents: a message object that represents an "intention" to do something. ContentProviders: a data storehouse
26 Application Signing: CA = certificate authority. Why self signing? Market ties identity to developer account. CAs have had major problems with fidelity in the past. No applications are trusted. No "magic key". All .apk files must be signed with a certificate: identifies the author of the application; does not need to be signed by a CA.
27 Application Signing #2: What does signing determine? Shared UID for shared keys. Self-updates. If the public key matches, the new APK may request to share UID of the other APK. Allows the system to grant or deny access: signature-level permissions; request to be given the same Linux identity as another app.
28 User IDs and File Access: Each apk is assigned a distinct Linux UID: no /etc/passwd as in Linux; different device => may have a different UID; files created by apk are owned by this user. Shared UID feature: two applications can share UIDs; more interactivity.
29 Android Permissions: Whitelist model: allow minimal access by default; user accepted access. Facilitate asking users fewer questions. Make questions more understandable. 200+ permissions: more granularity.
30 Permissions #2: PERMISSION_GRANTED or PERMISSION_DENIED. Context.checkPermission(String, pid, uid). Context.checkCallingPermission(). Arbitrarily fine-grained permissions.
31 Android Sandbox: The sandbox is based on separation of processes, file permissions, authenticated IPC. Sandboxes native code and sys applications. Each application is a different user: its own UID; runs in its own Linux process; its own Dalvik VM.
32 Application Sandbox: Place access controls close to the resource, not in the VM. Smaller perimeter, easier to protect. Default Linux applications have too much power. Lock down user access for a "default" application. Fully locked down applications limit innovation. Relying on users making correct
33 File System Encryption: Full file system encryption: AES128; password, random salt; CPU and mem intense. id.com/devices/tech/encryption/ Encryption on Android uses the dm-crypt layer in the Linux kernel. Works at the block device layer: eMMC and similar. Android volume daemon (vold). Android 3.0 and later.
34 Rooting of Android Devices: root: uid == 0 as in Linux; has full access to all applications and all application data. system: the kernel and sys applications. Boot Loaders: embedded system boot techniques. Locked: check a signature of the OS files being booted, or installed.
35 SIM Card Access: Low level access to the SIM card is not available to third-party apps. The OS handles all communications with the SIM card, including access to personal information (contacts, ...) on the SIM card memory. Apps also cannot access AT commands, as these are managed exclusively by the Radio Interface Layer (RIL). The RIL provides no high
36 GSM/CDMA Vulnerabilities: GSM = Global System for Mobile Communication. GSM: largest mobile network in the world. GSM: 3.8 billion phones on network. USA GSM: AT&T, T-Mobile. CDMA: others. Crack GSM encryption: can crack encryption in under 30 seconds; allows for undetectable eavesdropping. gsm/ simtoolkit Similar exploits available for CDMA.
37 SMS Vulnerabilities: SMS = Short Messaging System. GSM uses two signal bands: control, data. SMS operates entirely on the control band. High volume text messaging can disable the control band, which also disables voice calls. Can render entire city 911 services unresponsive.
38 MMS Vulnerabilities: MMS = Multimedia Messaging Service. Insecure data protocol for GSM. Extends SMS, allows for WAP connectivity. Exploit of MMS can drain battery 22x faster: multiple UDP requests are sent concurrently, draining the battery as it responds to request. Does not expose data.
39 Bluetooth Vulnerabilities: Bluetooth: short range wireless communication protocol. Requires no authentication, just pairing. An attack could take over Bluetooth device. Attacker would have access to all data on the Bluetooth enabled device.
40 A Study of Android Market Apps
41 Information Misuse by Apps: Phone identifiers: phone number, IMEI (device identifier), IMSI (subscriber identifier), and ICC-ID (SIM card serial number). Phone identifiers are frequently leaked through plaintext requests. Phone identifiers are used as device fingerprints, to track individual users, for ad and analytics servers.
42 Android Privacy: Private information is written to Android's general logging interface. Apps broadcast private information in IPC accessible to all applications. A few apps are vulnerable to forging attacks to dynamic broadcast receivers. Some apps define intent addresses based on IPC input.
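An added example, not part of the lecture, for the leaks described on slides 41 and 42: a scanner that reads logcat output in `threadtime` format and reports which app tag wrote an IMEI, IMSI or ICC-ID to the general log. The log lines and identifier values are constructed samples, and the classification rules (Luhn check, `89` prefix, keyword hints) are heuristics assumed for this example.

```python
import re

# logcat -v threadtime: "MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message"
LOGCAT_THREADTIME = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>.*?)\s*: (?P<msg>.*)$")

# Candidate identifiers: stand-alone runs of 15 to 20 digits.
DIGIT_RUN = re.compile(r"(?<!\d)\d{15,20}(?!\d)")

# An IMSI has no check digit, so it is only recognised by a nearby keyword.
IMSI_HINTS = ("imsi", "subscriberid")

# Constructed sample log. The identifier values are made up for the example.
SAMPLE_LOG = """
12-10 13:02:50.071  1901  1901 D AdSdk   : GET http://ads.example.test/track?imei=490154203237518&v=2
12-10 13:02:50.412  1901  1933 I AdSdk   : subscriberId=310150123456789 iccid=8901260000000001236
12-10 13:02:51.003  2210  2210 D OrderSvc: order 123456789012345 accepted
12-10 13:02:51.200  2210  2210 W OrderSvc: retry in 5s
"""

def luhn_valid(digits):
    """Luhn checksum, used by IMEI and ICC-ID numbers."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:        # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0

def classify(number, preceding_text):
    """Return 'IMEI', 'IMSI', 'ICCID' or None for a digit run."""
    hint = preceding_text.lower()
    if len(number) == 15:
        if any(h in hint for h in IMSI_HINTS):
            return "IMSI"
        if luhn_valid(number):
            return "IMEI"
    elif len(number) in (19, 20) and number.startswith("89") and luhn_valid(number):
        return "ICCID"                # 89 is the telecom industry prefix
    return None

def redact(number):
    """Keep only the last four digits so the report does not leak again."""
    return "*" * (len(number) - 4) + number[-4:]

def scan_logcat(lines):
    """Return (tag, pid, kind, redacted value) for every identifier found."""
    findings = []
    for line in lines:
        entry = LOGCAT_THREADTIME.match(line)
        if not entry:
            continue                  # not a threadtime record
        msg = entry.group("msg")
        for hit in DIGIT_RUN.finditer(msg):
            before = msg[max(0, hit.start() - 16):hit.start()]
            kind = classify(hit.group(), before)
            if kind:
                findings.append((entry.group("tag"), int(entry.group("pid")),
                                 kind, redact(hit.group())))
    return findings

if __name__ == "__main__":
    for tag, pid, kind, value in scan_logcat(SAMPLE_LOG.splitlines()):
        print(f"{tag} (pid {pid}) logged {kind} {value}")
```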
43 Null Pointers: Null dereferences cause an application to crash, and can thus be used as a DoS (denial of service). Apps should perform null checks on IPC input.
44 More Privilege Separation: Media codecs are very complex, very insecure. Won't find all the issues in media libraries. Banish OpenCore media library to a lesser privileged process: mediaserver. Immediately paid off: Charlie Miller reported a vulnerability in our MP3 parsing. CERT
45 References Android Security Overview, ndex.html -android-security-basics Google's director of Android Security explains the operating system's builtin security features. Aug 30, 2016
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationBraindumpsVCE. Best vce braindumps-exam vce pdf free download
BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationNew Technologies for Cyber Security
New Technologies for Cyber Security Presented by Jim Davidson jdavidson@osisoft.com Security Products Manager OSIsoft, LLC Bryan Owen bowen@osisoft.com Cyber Security Manager OSIsoft, LLC 2 How Do Breaches
More informationCS 155 Final Exam. CS 155: Spring 2012 June 11, 2012
CS 155: Spring 2012 June 11, 2012 CS 155 Final Exam This exam is open books and open notes. You may use course notes and documents that you have stored on a laptop, but you may NOT use the network connection
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that simplifies security and significantly
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationIntroduction to Information Security Dr. Rick Jerz
Introduction to Information Security Dr. Rick Jerz 1 Goals Explain the various types of threats to the security of information Discuss the different categorizations of security technologies and solutions
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationTolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory,...
More informationFirefox OS App Days. Overview and High Level Architecture. Author: José M. Cantera Last update: March 2013 TELEFÓNICA I+D
Firefox OS App Days Overview and High Level Architecture Author: José M. Cantera (@jmcantera) Last update: March 2013 TELEFÓNICA I+D 1 Introduction What is Firefox OS? A new mobile open OS fully based
More information5 Tips to Fortify your Wireless Network
Article ID: 5035 5 Tips to Fortify your Wireless Network Objective Although Wi-Fi networks are convenient for you and your employees, there may be unwanted clients using up the bandwidth you pay for. In
More informationIS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS
IS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS I understand the difference in destruction is dramatic, but this has a whiff of August 1945. Someone just used a new weapon,
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More information