Android Security Internals
1. 2/28/2019 Android Security Internals
file:///home/karim/opersys-dev/presentations/ewc-2019/android-security-internals/slides-main.html#/ 1/68
Android Security Internals
Embedded World 2019
CC-BY-SA 3.0 - Attribution requirements and misc.,
PLEASE READ:
This slide must remain as-is in this specific location (slide #1),
everything else you are free to change; including the logo :-)
Use of figures in other documents must feature the below "Originals
at" URL immediately under that figure and the below copyright
notice where appropriate.
You are FORBIDDEN from using the default "About" slide as-is or
any of its contents.
Copyright (C) 2019, Opersys inc.
These slides created by: Karim Yaghmour
Originals at: http://www.opersys.com/training/
Taken from "Thompson -- Reflections on Trusting Trust -- Turing Award Lecture, 1984"
JTAGulator / Also at Adafruit
Bus Pirate / Also at Sparkfun and Adafruit
DDR analysis tools: Teledyne/Lecroy, EPN Solutions, FuturePlus Systems
Logic analyzer (saleae)
JTAG tools: Lauterbach, Flyswatter 2, ...
UART soldering -- see Ch13 "Android Hacker's Handbook"
Interposer film, chip sockets
iPhone chip "data recovery" tools: AliExpress (x2), pinterest (x2)
Chip programmers (and readers): xeltek
USB analysis/hacking tools: Facedancer 2.0, Total phase, Wireshark, IDA
Any dev board w/ USB client interface running Linux
Cold boot attacks: FROST
DMA attacks: "Reverse engineering the PSP"
And many, many more ...
Software, etc.
Early boot software
Trusted environment
HLOS/Linux
Android
Apps
Network
Cloud services
OTA
Taken from "ARM -- TrustZone Ready Program"
Taken from "ARM -- Building a Secure System using TrustZone Technology"
Taken from "ARM -- ARM1176JZ-S Technical Reference Manual"
Taken from "ARM -- ARM1176JZ-S Technical Reference Manual"
Taken from "LCU13: An Introduction to ARM Trusted Firmware"
Taken from "LCU13: An Introduction to ARM Trusted Firmware"
Vulnerabilities
Probing available pins
Tapping into JTAG / test points
Side channel attacks:
Cache attacks
Timing attacks
Power-monitoring attacks
Electromagnetic attacks
Acoustic cryptanalysis
Differential fault analysis
Data remanence
Fault attacks (Rowhammer)
Optical
Decapsulation
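Of the side channels listed above, the timing attack is the one a practitioner most often introduces in software, so here is an added example in C (not from the slides, and not LK, ATF or Trusty code): an early-exit comparison of the memcmp() kind, a constant-time one, and a simulated attacker that observes only how long the comparison ran (modelled by an operation count standing in for wall-clock time) plus whether it finally accepted. Against the naive version the attacker recovers a 4-byte tag byte by byte; against the constant-time version the same procedure learns nothing. The function names, the attacker model and the sample tag are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*memeq_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Early-exit comparison, the shape of memcmp()/strcmp()-based checks.
 * Returns 1 if equal, else 0. *ops receives the number of bytes examined:
 * it grows with the length of the matching prefix, and so does the run
 * time, which is exactly what a timing attack measures. */
int naive_memeq(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *ops = i + 1;
            return 0;
        }
    }
    *ops = n;
    return 1;
}

/* Constant-time comparison: every byte is always examined and there is no
 * branch on secret data. acc is zero only if every byte matched. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n, size_t *ops)
{
    uint32_t acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (uint32_t)(a[i] ^ b[i]);
    *ops = n;
    /* (acc - 1) >> 31 is 1 iff acc == 0, computed without a branch */
    return (int)((acc - 1u) >> 31);
}

/* Attacker model (constructed for this example): the only observables are
 * how long the comparison ran (*ops) and whether it accepted. Recovers the
 * secret byte by byte: the guess that makes the check run longest extends
 * the correct prefix. Returns 1 if the secret was fully recovered. */
int recover_with_oracle(memeq_fn cmp, const uint8_t *secret, size_t n, uint8_t *guess)
{
    size_t pos;
    memset(guess, 0, n);
    for (pos = 0; pos < n; pos++) {
        size_t best_ops = 0;
        int c, best = 0;
        for (c = 0; c < 256; c++) {
            size_t ops;
            guess[pos] = (uint8_t)c;
            if (cmp(secret, guess, n, &ops))
                return 1;               /* accepted: secret recovered */
            if (ops > best_ops) {       /* longer run = longer correct prefix */
                best_ops = ops;
                best = c;
            }
        }
        guess[pos] = (uint8_t)best;
    }
    return memcmp(guess, secret, n) == 0;
}

int main(void)
{
    const uint8_t secret[4] = {0x13, 0x37, 0xC0, 0xDE}; /* constructed sample tag */
    uint8_t guess[4];
    printf("early-exit compare leaks the tag: %s\n",
           recover_with_oracle(naive_memeq, secret, 4, guess) ? "yes" : "no");
    printf("constant-time compare leaks the tag: %s\n",
           recover_with_oracle(ct_memeq, secret, 4, guess) ? "yes" : "no");
    return 0;
}
```

On real hardware the operation count becomes a difference of a few cycles per byte, which is why the attack needs many samples and statistics rather than one measurement; the structure is the same. A TA or bootloader verifying a MAC, a password hash or an RPMB response must use the ct_memeq shape.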
Taken from "LCU13: Deep Dive into ARM Trusted Firmware"
2. Execution Location (Qualcomm boot chain)
PBL & RPM FW: RPM ROM and RPM RAM
SBL1: OCM
SBL2: OCM
TZ Image: OCM
SBL3: System RAM
APPSBL (bootloader): System RAM
HLOS: System RAM
3. Bootloader / LK
Google doesn't mandate a specific bootloader
Vendors can use whatever they want, including U-Boot
Many Android bootloaders based on "Little Kernel": https://github.com/littlekernel/lk/wiki/Introduction
15-20KB in size on ARM
Almost NO traces of Android functionality in main LK
Highly customized in every case
SoC vendor LKs have the goodies -- Linaro sample: https://git.linaro.org/landing-teams/working/qualcomm/lk.git/
Detailed internals explanation for 410E/8016E: https://developer.qualcomm.com/download/db410c/little-kernel-boot-loader-overview.pdf
Locked vs. unlocked:
Locked: Device cannot be flashed; boot image signature verified against the OEM key or a user-installed key
Unlocked: Device freely flashable, no signature verification done
Lock state communicated to TEE and persisted:
CRUCIAL: ties TEE key instantiation to lock state (keys derived under one lock state are unusable once it changes)
Boot image signature verification -- built-in key
Bootloader signed by manufacturer key
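An added example in C (not LK, AVB or Trusty code) of the two decisions described above: how lock state and the signature result combine into Android's verified-boot states (green: locked and verified with the built-in key; yellow: locked and verified with a user-installed key; orange: unlocked, nothing verified; red: locked and verification failed, so the device refuses to boot), and why binding TEE keys to the lock state matters. The root-of-trust structure mirrors the fields the bootloader hands Keymaster (hash of the verified-boot key, lock state, boot state); the FNV-1a hash is a toy stand-in for the TEE's real KDF, and every identifier below is this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum lock_state { DEVICE_UNLOCKED = 0, DEVICE_LOCKED = 1 };
enum sig_result { SIG_VALID_OEM_KEY, SIG_VALID_USER_KEY, SIG_INVALID };
/* Verified-boot states as Android names them */
enum boot_state { BOOT_GREEN, BOOT_YELLOW, BOOT_ORANGE, BOOT_RED };

/* Lock state decides whether the boot-image signature result matters at all. */
enum boot_state decide_boot_state(enum lock_state lock, enum sig_result sig)
{
    if (lock == DEVICE_UNLOCKED)
        return BOOT_ORANGE;                        /* flashable, unverified: warn and boot */
    switch (sig) {
    case SIG_VALID_OEM_KEY:  return BOOT_GREEN;    /* built-in manufacturer key */
    case SIG_VALID_USER_KEY: return BOOT_YELLOW;   /* user-installed key: warn */
    default:                 return BOOT_RED;      /* locked and unverifiable: refuse */
    }
}

int boot_permitted(enum boot_state s)
{
    return s != BOOT_RED;
}

/* What the bootloader passes to the TEE as root of trust (hypothetical layout
 * mirroring Keymaster's verified-boot key / device-locked / boot-state fields). */
struct root_of_trust {
    uint8_t vbkey_hash[32];
    enum lock_state locked;
    enum boot_state state;
};

/* Toy stand-in for the TEE's KDF/HMAC (FNV-1a 64, NOT cryptographic): the
 * point is only that lock and boot state are inputs to key derivation. */
static uint64_t fnv1a64(uint64_t h, const void *data, size_t len)
{
    const uint8_t *p = data;
    size_t i;
    for (i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ull;
    }
    return h;
}

uint64_t derive_device_key(const struct root_of_trust *rot)
{
    uint8_t lock = (uint8_t)rot->locked, state = (uint8_t)rot->state;
    uint64_t h = 0xcbf29ce484222325ull;
    h = fnv1a64(h, rot->vbkey_hash, sizeof rot->vbkey_hash);
    h = fnv1a64(h, &lock, 1);   /* unlocking changes every derived key */
    h = fnv1a64(h, &state, 1);  /* so does a yellow/orange/red boot */
    return h;
}

int main(void)
{
    static const char *names[] = { "GREEN", "YELLOW", "ORANGE", "RED" };
    struct root_of_trust rot;
    memset(&rot, 0, sizeof rot);
    memset(rot.vbkey_hash, 0xA5, sizeof rot.vbkey_hash);   /* constructed key hash */

    rot.locked = DEVICE_LOCKED;
    rot.state = decide_boot_state(DEVICE_LOCKED, SIG_VALID_OEM_KEY);
    printf("locked, OEM key   : %-6s boot=%d key=%016llx\n", names[rot.state],
           boot_permitted(rot.state), (unsigned long long)derive_device_key(&rot));

    rot.locked = DEVICE_UNLOCKED;
    rot.state = decide_boot_state(DEVICE_UNLOCKED, SIG_INVALID);
    printf("unlocked          : %-6s boot=%d key=%016llx\n", names[rot.state],
           boot_permitted(rot.state), (unsigned long long)derive_device_key(&rot));

    rot.locked = DEVICE_LOCKED;
    rot.state = decide_boot_state(DEVICE_LOCKED, SIG_INVALID);
    printf("locked, bad sig   : %-6s boot=%d\n", names[rot.state], boot_permitted(rot.state));
    return 0;
}
```

Because the lock state is a KDF input, flipping it changes every derived key, so anything sealed under the locked state is unreadable afterwards; this is the property that makes "unlock the bootloader and dump user data" fail even though an unlocked device will boot whatever is flashed.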
Build system:
Android-like
Allows unmodified inclusion into bigger project
"apps" listed in table, started as threads
LK APIs provide: wait queues, mutexes, semaphores, timers, events,
threads
TrustZone & Trusted Execution Environments
Issues
Hardware-backing
Secure monitor
TEE services
TEEs on the market
TAs
REE communication
Secure storage
Attestation
Example Trusty TAs
1. Issues
Lack of public documentation
Some common GP devices have disabled TZ
Linaro TZ emulator:
Optee on Hikey
"Arm TrustZone in QEMU"
"Testing QEMU Arm TrustZone"
2. Hardware-backing
Processor always boots in secure mode
Peripherals boot in most secure state
Peripherals can be configured to be secure
"Secure flag" (the NS bit) communicated across internal buses
Caches are security-aware
Secure interrupts
Internal memory:
SRAM
Reset on reboot (avoid cold-boot attacks)
Taken from "ARM -- Fundamentals of HW-based Security"
3. Secure monitor
Must use the SMC instruction to enter the monitor (EL3 on ARMv8)
SMC only possible from the kernel (EL1), not user-space: at EL0 the instruction is undefined
Switches to ARM Trusted Firmware (ATF, now TF-A), which runs as the secure monitor
ATF ensures the switch to the TZ OS
Register switching and saving done on call (the monitor saves and restores each world's context)
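To make the "SMC call" concrete, an added example (not taken from ATF/TF-A or the kernel) encodes and decodes SMC function identifiers the way the Arm SMC Calling Convention lays them out: call-type bit, SMC32/SMC64 bit, owning-entity number, reserved bits, function number. The PSCI identifiers used below (0x84000000 PSCI_VERSION, 0xC4000003 CPU_ON in SMC64 form) come from the PSCI spec; 0x32000004 is a yielding call in the Trusted OS range of the kind OP-TEE's driver issues; the helper names are this example's own. The code runs anywhere because it only manipulates the 32-bit ID: the instruction itself is issued by the kernel (Linux wraps it in arm_smccc_smc()/arm_smccc_1_1_invoke()), and a user-space process that tries it gets SIGILL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layout of an SMC function identifier (Arm SMC Calling Convention):
 *   bit 31     1 = fast call, 0 = yielding (standard) call
 *   bit 30     0 = SMC32 (w0-w7 arguments), 1 = SMC64 (x0-x17 arguments)
 *   bits 29:24 owning entity number, selects the service range
 *   bits 23:16 reserved, must be zero
 *   bits 15:0  function number within the range                          */
#define SMC_FAST_BIT      (1u << 31)
#define SMC_64_BIT        (1u << 30)
#define SMC_OWNER_SHIFT   24
#define SMC_OWNER_MASK    0x3Fu
#define SMC_RESERVED_MASK 0x00FF0000u
#define SMC_FUNC_MASK     0xFFFFu

struct smc_id {
    int fast;        /* 1: fast call, 0: yielding call */
    int smc64;       /* 1: SMC64 convention */
    unsigned owner;  /* owning entity number, 0..63 */
    unsigned func;   /* function number, 0..65535 */
};

uint32_t smc_encode(int fast, int smc64, unsigned owner, unsigned func)
{
    return (fast ? SMC_FAST_BIT : 0) | (smc64 ? SMC_64_BIT : 0) |
           ((owner & SMC_OWNER_MASK) << SMC_OWNER_SHIFT) | (func & SMC_FUNC_MASK);
}

/* Returns 0 on success, -1 if reserved bits are set: a conforming monitor
 * answers such an ID with NOT_SUPPORTED (0xFFFFFFFF) in w0/x0. */
int smc_decode(uint32_t id, struct smc_id *out)
{
    if (id & SMC_RESERVED_MASK)
        return -1;
    out->fast  = (id & SMC_FAST_BIT) != 0;
    out->smc64 = (id & SMC_64_BIT) != 0;
    out->owner = (id >> SMC_OWNER_SHIFT) & SMC_OWNER_MASK;
    out->func  = id & SMC_FUNC_MASK;
    return 0;
}

/* Owning-entity ranges defined by the convention. */
const char *smc_owner_name(unsigned owner)
{
    if (owner == 0) return "Arm Architecture";
    if (owner == 1) return "CPU service (SoC vendor)";
    if (owner == 2) return "SiP service";
    if (owner == 3) return "OEM service";
    if (owner == 4) return "Standard secure service (PSCI lives here)";
    if (owner == 5) return "Standard hypervisor service";
    if (owner == 6) return "Vendor-specific hypervisor service";
    if (owner >= 48 && owner <= 49) return "Trusted Application";
    if (owner >= 50 && owner <= 63) return "Trusted OS";
    return "reserved";
}

int main(void)
{
    const uint32_t ids[] = { 0x84000000u, 0xC4000003u, 0x32000004u, 0x84010000u };
    size_t i;
    for (i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        struct smc_id d;
        if (smc_decode(ids[i], &d) != 0) {
            printf("0x%08X: reserved bits set, monitor returns NOT_SUPPORTED\n", (unsigned)ids[i]);
            continue;
        }
        printf("0x%08X: %s %s call, owner %u (%s), function %u\n", (unsigned)ids[i],
               d.fast ? "fast" : "yielding", d.smc64 ? "SMC32/SMC64=SMC64" : "SMC32",
               d.owner, smc_owner_name(d.owner), d.func);
    }
    return 0;
}
```

The owner field is what the monitor dispatches on: PSCI and other standard calls are handled inside ATF itself, while Trusted OS and Trusted Application ranges are forwarded to the TZ OS after the world switch. Fast calls run with interrupts masked and must return without being pre-empted; the yielding form is what a TEE driver uses for long-running TA requests.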
Taken from "LCA 2014 -- Adopting ARM Trusted Firmware"
4. TEE services
Completely separate execution from HLOS/Linux
OS with APIs, like other OSes:
Scheduling
IPC
Communication with HLOS
Secure storage
Not a very open world
Some systems run two TEEs at the same time
5. TEEs on the market
Qualcomm Secure Execution Environment (QSEE):
Looks like it's widely used
Trustonic/Kinibi:
This one too
Trusty:
Google OSS TEE for Android
Based on Little Kernel
Used in some real products
OP-TEE:
Also OSS
6. Trusted Applications
Actual applications, like on any other OS
Can be loaded from HLOS by request to TEE
Isolated from one another like HLOS processes
Ever-increasing number of them
7. REE communication
Done via driver on the HLOS/Linux side
Might involve a user-space daemon
TA<->kernel communication done through shared memory in RAM
8. Secure storage / RPMB
Taken from "ARM -- Fundamentals of HW-based Security"
9. Example Trusty TAs
See https://android.googlesource.com/trusty/app/
AVB resource manager
Keymaster
Gatekeeper
Fingerprint
Secure storage service
Access-controlled NVRAM
HLOS / Linux Kernel
Security-related built-in mechanisms
Verified boot
Full disk encryption
File-based encryption
3. Full Disk Encryption
Taken from "ELCE 2017 -- Protecting your system from the scum of the universe"
4. File-Based Encryption
Taken from "ELCE 2017 -- Protecting your system from the scum of the universe"
SELinux / SEAndroid
Technology generalities
Functionality generalities
Core Policies
Linux integration
Linux Security Module Hooks
Current Linux implementation
1. Technology generalities
Tremendous amount of unreferenced and undocumented baggage
Quite a few concepts and tenets required to begin understanding
Lumps together several key concepts that were developed and
discussed independently within security research communities over
several years/decades.
Almost invariably presented with no reference to its historical roots
Nomenclature has evolved over the years
Different people refer to different parts using different terms
Own authors/maintainers use several terms for same things
SEAndroid/SELinux have built-in simplifications over source designs
Vast majority of explanations require absorbing semantic space as-is
Some explanations rely on over-simplified analogies
"life is too short to enable SELinux" -- Ted Ts'o
From: Linus Torvalds
Newsgroups: fa.linux.kernel
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
Date: Wed, 03 Jun 2009 16:48:28 UTC
Message-ID:
On Wed, 3 Jun 2009, Rik van Riel wrote:
>
> Would anybody paranoid run their system without SELinux?
You make two very fundamental mistakes.
The first is to assume that this is about "paranoid" people. Security is
_not_ about people who care deeply about security. It's about everybody.
Look at viruses and DDoS attacks - the "paranoid" people absolutely depend
on the _non_paranoid people being secure too!
The other mistake is to think that SELinux is sane, or should be the
default. It's a f*cking complex disaster, and makes performance plummet on
some things. I turn it off, and I know lots of other sane people do too.
So the !SElinux case really does need to work.
Linus
2. Functionality generalities:
Denial by default
-EACCES (or -EPERM, depending on the operation) returned to the caller on a denied access
permissive (denials logged but allowed) vs. enforcing vs. disabled
"Security context" specified as:
user:role:type:mls_level
Principle of least privilege
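Denial by default and the context layout show up together in the kernel's AVC log lines, which is where most SEAndroid work starts. The following added example (not from the slides, and not the audit2allow tool it imitates) parses a constructed Android AVC denial in C, splits scontext/tcontext into user:role:type:level, and emits the allow rule that would silence it. The sample log line and every helper name are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of a denial as logcat/dmesg shows it on Android. */
const char SAMPLE_AVC[] =
    "type=1400 audit(0.0:123): avc: denied { read open } for pid=1234 "
    "comm=\"app_process64\" name=\"stat\" dev=\"proc\" ino=4026 "
    "scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 "
    "tclass=file permissive=0";

struct sectx { char user[32]; char role[32]; char type[64]; char level[64]; };

struct avc_denial {
    char perms[128];        /* space-separated, e.g. "read open" */
    struct sectx scontext;  /* subject (process) context */
    struct sectx tcontext;  /* object context */
    char tclass[32];
    int permissive;         /* 1: logged but allowed, 0: actually denied */
};

/* Copy the value of "key=value" (up to whitespace) from line into out. */
static int field(const char *line, const char *key, char *out, size_t n)
{
    const char *p = strstr(line, key);
    size_t len;
    if (!p) return -1;
    p += strlen(key);
    len = strcspn(p, " \t\r\n");
    if (len == 0 || len >= n) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Copy one ':'-delimited segment and advance past the delimiter. */
static int segment(const char **p, char *out, size_t n)
{
    size_t len = strcspn(*p, ":");
    if (len == 0 || len >= n) return -1;
    memcpy(out, *p, len);
    out[len] = '\0';
    *p += len;
    if (**p == ':') (*p)++;
    return 0;
}

/* user:role:type[:level]; the level may itself contain ':' (s0:c512,c768). */
int parse_context(const char *str, struct sectx *c)
{
    const char *p = str;
    if (segment(&p, c->user, sizeof c->user) ||
        segment(&p, c->role, sizeof c->role) ||
        segment(&p, c->type, sizeof c->type))
        return -1;
    if (strlen(p) >= sizeof c->level) return -1;
    strcpy(c->level, p);  /* empty on a policy built without MLS */
    return 0;
}

/* Returns 0 for a denial, -1 for anything else (including "avc: granted"). */
int parse_avc(const char *line, struct avc_denial *d)
{
    const char *open, *close;
    char ctx[160], flag[8];
    size_t len;
    memset(d, 0, sizeof *d);
    open = strstr(line, "avc: denied {");
    if (!open) return -1;
    open += strlen("avc: denied {");
    close = strchr(open, '}');
    if (!close) return -1;
    while (*open == ' ') open++;
    len = (size_t)(close - open);
    while (len && open[len - 1] == ' ') len--;
    if (len == 0 || len >= sizeof d->perms) return -1;
    memcpy(d->perms, open, len);
    d->perms[len] = '\0';
    if (field(line, "scontext=", ctx, sizeof ctx) || parse_context(ctx, &d->scontext)) return -1;
    if (field(line, "tcontext=", ctx, sizeof ctx) || parse_context(ctx, &d->tcontext)) return -1;
    if (field(line, "tclass=", d->tclass, sizeof d->tclass)) return -1;
    if (field(line, "permissive=", flag, sizeof flag) == 0)
        d->permissive = (flag[0] == '1');
    return 0;
}

/* The TE rule audit2allow would print: allow <src type> <tgt type>:<class> { perms }; */
int avc_to_allow(const struct avc_denial *d, char *out, size_t n)
{
    int w = snprintf(out, n, "allow %s %s:%s { %s };",
                     d->scontext.type, d->tcontext.type, d->tclass, d->perms);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void)
{
    struct avc_denial d;
    char rule[256];
    if (parse_avc(SAMPLE_AVC, &d) != 0) { puts("not a denial"); return 1; }
    printf("subject type %s level %s, object type %s, class %s, permissive=%d\n",
           d.scontext.type, d.scontext.level, d.tcontext.type, d.tclass, d.permissive);
    if (avc_to_allow(&d, rule, sizeof rule) == 0) puts(rule);
    return 0;
}
```

The emitted rule is raw audit2allow output and should be treated as a question, not an answer: the denial may be expected behaviour (an app probing something it has no business reading), and on Android many such rules are rejected at build time by the neverallow rules in system/sepolicy. The level field carries the per-app MLS categories (c512,c768 in the sample) that SEAndroid uses to keep apps of the same type isolated from one another.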
3.1. Multi-Level Security (MLS)
Taken from "Red Hat Enterprise Linux Deployment Guide"
3.2. Type Enforcement (TE)
Taken from "Usenix SSYM'03 -- Analyzing Integrity Protection in the SELinux Example Policy"
3.3. Role-Based Access Control (RBAC)
"... provides a higher level abstraction to simplify user management."
Authorize each user as a set of roles
Authorize each role for a set of TE domains
Role field in security context in SELinux:
Maintained per RBAC model for each process
Set to a generic "object_r" for objects => i.e. unused
Role transition limited to certain TE domains per policy
Mostly unused in SEAndroid
3.4. User-Based Access Control (UBAC)
Issues w/ regular Linux UID model:
Often changed to express permission or privilege, not a user change
Change at any time w/ setuid calls w/o control over initialization
Arbitrarily changed by superuser
SELinux uses orthogonal UIDs (SELinux users, distinct from Linux UIDs):
Rigorous enforcement, unlike Linux
Policy limits UID changes to certain TE domains
Mostly unused in SEAndroid
4. Linux integration
Taken from "USENIX/FREENIX 2001 -- Integrating Flexible Support for Security Policies into the Linux Operating System"
5. Linux Security Module Hooks
Taken from "USENIX SSYM 2002 -- Linux Security Modules: General Security Support for the Linux Kernel"
6. Current Linux implementation
Taken from "Haines -- The SELinux Notebook (4th Ed.)"
AOSP User-Space
adb
App signing
App permission system
OTA
Google's on-device security
Keystore/Keymaster
Logging in
DRM
Android for work
App reverse engineering
2. App signing
All apps signed
All certs used are self-signed -- no CA in Android ecosystem
Signature used by Package Manager:
Ensures a replacement app is signed with the same key
If >1 apps have same signature, can share same User ID
Signature used between apps to gate permissions:
"Signature" permissions granted to same-sig apps only
Can define "custom" permissions
Can manually check remote app signature
3. App permission system
Managed by PackageManager System service
At boot time, PM's grantPermissionsToSysComponentsAndPrivApps() grants platform-signed apps perms they've requested
Normal apps checked at runtime for dangerous perms now
System services check caller permissions on call reception: checkCallingPermission(), enforceCallingPermission()
Global framework permission definitions: frameworks/base/core/res/ (AndroidManifest.xml, built by its Android.mk)
4. OTA
Two paths:
Recovery: Relies on recovery image
A/B ("seamless"): Relies on:
update_engine user-space binary
boot_control HAL
Both use AOSP release tools
A/B supports "streaming" updates
A/B support is SoC-vendor dependent: Qualcomm, Mediatek
5. Google's on-device security
Connected to Google backend
Runs on all official Android devices (> 1B)
Provides:
Verify apps:
Continuously running on all apps
Detects/removes harmful apps and warns
Attestation: SafetyNet
Safe browsing (phishing, malware, etc.)
Recaptcha
6. Keystore/Keymaster
Taken from "Google -- Keystore attestation"
7. Logging in
Taken from "Google -- Authentication overview"
8. DRM
Taken from "Inforce -- Protecting your premium HD content with Widevine™ Digital rights management (DRM) on Inforce platforms"
9. Android for work / EMM
Taken from "Google -- Develop a solution"
Google's Infrastructure
Taken from "Google -- Keeping Google Play safe"