Ασφάλεια android - Βασικές αρχές, αδυναμίες και λύσεις
DESCRIPTION
Σύντομη παρουσίαση του μοντέλου ασφάλειας του Android, ενδεικτικών αδυναμιών του και λύσεων στο πλαίσιο εργασίας του μαθήματος "Προστασία και ασφάλεια πληροφοριών και συστημάτων" του μεταπτυχιακού προγράμματος στην Πληροφορική και Τηλεματική του Χαροκόπειου Πανεπιστημίου.TRANSCRIPT
- 1. [email protected] 22 2013
2. Android; Android; ; . . 3. Android (smartphones & tablets) Linux. Google OpenHandset Alliance. developers Java, Google. Android 5 2007, OpenHandset Alliance, 48 , hardware, . Google Android Apache License, . 4. 500 (9/2012)1,3 (9/2012) Android 5. developers smartphones (Mail, Contacts, Calendar, Facebook, Twitter .) (privacy) . 6. http://source.android.com/tech/security/ 7. O kernel Linux Android : (User-Based permission model) Inter-processcommunication kernel , o kernel Linux : A CPU (.., GPS, Bluetooth, Camera .) 8. The Application Sandbox UID GID app (Binders, Services, Intends, ContentProviders). 9. Dalvik VM security manager ( Core Libraries Libraries) VM 10. "" (permission) Android . . Permissions AndroidManifest.xml 11. Normalandroid.permission.VIBRATEandroid.alarm.permission.SET_ALARM Dangerousandroid.permission.SEND_SMSandroid.permission.CALL_PHONE Signatureandroid.permission.FORCE_STOP_PACKAGESandroid.permission.INJECT_EVENTS SignatureOrSystemandroid.permission.ACCESS_USBandroid.permission.SET_TIME 12. , (malware). 2011, Computer Science Department University ofCalifornia, Berkeley 25 Android. Permissions 95% CI permissions 4 (17% ) 5% to 37% 10 (42% ) 22% to 63% 10 (42% ) 22% to 63%Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D., Android permissions: User attention, comprehension, and behavior, 2012 13. permissions reviews developer 14. Android 2.2 (API 8) (APKs) (microSD .). Linux Android ( VFAT). Android 3.0 , by default. 15. Android . . 16. Armando, A., Merlo, A., Migliardi, M., Verderame, L.,Would you mind forking this process? A denial of service attack on android (andsome countermeasures), 2012 Zygote Android fork . Zygote socket. Armando, A., Merlo, A., Migliardi, M., Verderame, L., com.android.internal.util.WithFramework Zygote fork dummy Linux layer , android kill. . socket . 17. Zygote process fixZygote socket fix 18. http://source.android.com/tech/security/ Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.,Android permissions: User attention, comprehension, andbehavior, 2012 Armando, A., Merlo, A., Migliardi, M., Verderame, L., Wouldyou mind forking this process? A denial of service attack onandroid (and some countermeasures), 2012 19. [email protected]