Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System

Page created by Joe Bishop
IT & Technique
English
 
CONTINUE READING
Page content transcription
If your browser does not render page correctly, please read the page content below
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
Toward the integration of Grsecurity in Embedded
                                              Android Operating System

                                          Philippe THIERRY & Sylvain LEROY
                                                           October 28th 2011
                                                        Presentation for ELCE
Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
2 / 23                                                         Summary

               Introduction
               What is the purpose of our work ?
               About Android software architecture
                        General software architecture
                        Zygote & the application management
                        The Binder ICC integration
                        Existing security considerations
               Why we chose Grsecurity
               Why we didn’t choose SELinux
               What we have enabled from GRSecurity
                        What is currently supported
                        Matching Android activities
                        Basic security enhancement
                        Specific Android security add-ons
                Currently working features
               Other works on Android security
               Conclusion

Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
3 / 23                                                                     Introduction

       In 2011 :
               Android is in the top 3 mobile OSs used on smartphones world wide
                 It became number 2 in Europe
                         Before Backberry OS (RIM)
                         After iOS (Apple)

       Some figures :
               500,000 activations per day world wide1
               FIXME

       1Study    realized by ComScore (http://www.comscore.com)

Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
4 / 23                                     Introduction

      Source : http://gs.statcounter.com
Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
5 / 23                                                                           Introduction

       Let’s talk a little about GRSecurity

          Chroot advanced enhancements                advanced logging

       RBAC policy support with advanced              Trusted Path Execution (TPE) mode
       learning mode
                                                    Advanced uid & gid filtering for
          Modules auto-loading hardening           network access

          kernel threads and behavior hiding          Logging overload protections

          advanced RLIMIT NPROC support             kernel memory protection Null pointer
                                                    exception protection

                                                     NˆX bit software emulation various ELF
                                                    protections and randomization

   GRSecurity web site: http://www.grsecurity.net
Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
6 / 23                                                 Introduction

       Our test components :

            Android froyo (2.2)

            Nexus One/G1 (dev phone)

            Android/Linux kernel 2.6.32.9

            Grsecurity 2.1.14-2.6.32.9-201003112025

Thales Communications & Security
Philippe THIERRY & Sylvain LEROY - October 28th 2011 Presentation for ELCE Toward the integration of Grsecurity in Embedded Android Operating System
7 / 23                                                          What is the purpose of our work ?

               GRSecurity is a well known solution mostly used in x86
                GNU/Linux architecture
                        This solution is able to harden standard GNU/Linux operating system
                        It is able to limit various security vulnerabilities (e.g. some rootkits)
               The purpose of this work is to validate the capacity to deploy the
                GRSecurity solution into Android devices
               The capacity of GRSecurity to handle current Android security
                threats remains to be done

Thales Communications & Security
8 / 23                                                About Android software architecture 1/6

                                                       Android is a Linux-based operating
                                                        system, with some specificities
                                                       Android   architecture is based on a
                                                        specific libc (i.e. Bionic) and a Java
                                                        virtual machine (i.e. Dalvik) based
                                                        applications management
                                                       Pthread   implementation is Android
                                                        specific, optimized for Dalvik

                Android is a Linux-based operating system, with some specificities
             Bionic is not compliant with a standard POSIX libc and does not implement
            some ususal functions like getprotobyname()
            Most of the Google added value has been implemented in the Dalvik virtual
            machine
             A new inter-process communication paradigm has been integrated in the Linux-
            kernel, using a Corba-like communication system (Binder)

Thales Communications & Security
9 / 23                                                       About Android software architecture 2/6

       Zygote, « the creator »
               Runs as root
               Forks to create new applications on demand
               Preloads Dalvik’s libraries
               Sometimes « forgets » to change its uid from root to application’s
                uid
                        Zimperlich’s exploit from Sebastian Krahmer (efficient on Froyo)

Thales Communications & Security
10 / 23                                                           About Android software architecture 3/6

       Packages management

               User management : uid/gid
                        User management : uid/gid
                        is chosen at installation time in respect with existing application on the smartphone as in
                         GNU/Linux systems

               Signed packages
                        Every package is signed with the private key of the developer. Only used to identify the
                         author of the application
                        Not for security purposes

               Permissions
                        Permissions are setup on package’s installation for its whole installed life

Thales Communications & Security
11 / 23                                             About Android software architecture 4/6

       Let’s talk about the Android Binder…
               Inter-application communication is done using an Android-specific (not
                POSIX-compliant) kernel component named Binder (based on OpenBinder)
                The Binder manages pre-defined capabilities defined originally for
                smartphones :
                        BATTERY_STATS
                        CALL_PHONE
                        CHANGE_WIFI_STATE
                        …
                These permissions are used through the Dalvik virtual machine, depending
                on the permissions declared by the developer in its activity’s Manifest.xml
                file
                The usage of the permissions is defined by the developer and validated by
                the user during the application installation
                Even if these permissions are used by Dalvik applications, standard IPC are
                still accessible

Thales Communications & Security
12 / 23                                              About Android software architecture 5/6

            Process separation
               « The kernel is solely responsible for sandboxing applications from each other.
                In particular the Dalvik VM is not a security boundary, and any app can run
                native code (see the Android NDK). All types of applications — Java, native, and
                hybrid — are sandboxed in the same way and have the same degree of security
                from each other. » Source :
                http://developer.android.com/guide/topics/security/security.html

        ASLR (Address Space Layout Randomization)

               A « random seed » is chosen at boot time and is unique for every
                application until reboot
               This limitation is introduced by prelinking optimization

Thales Communications & Security
13 / 23                                                         About Android software architecture 6/6

       Just In Time impact

                 The Dalvik virtual machine uses JIT (Just In Time) capacity. The goal of
                  JIT is to compile the code when it is about to be executed for the first time
                  by Dalvik

                 JIT is not compatible with Write^eXecute security enhancement because
                  it needs to :
                    1.    write (compile) code during runtime
                    2.    execute it

Thales Communications & Security
14 / 23                                                                               Why we chose GRsecurity

       What we have noticed
               The Android userspace is a complex and dynamic world
                        Dalvik is a large living software
                                  Total Physical Source Lines of Code (SLOC)   = 214,160
                         Native and Java applications are usually updated and varies from an Android version to
                         another
                        Depending on the phone, some add-on applications may be deployed
               As user-space source code access is not yet available for Android 3.x :
                        Adding or upgrading security features to a newer version might lead to fork Android because
                         user-space add-ons depend on a miminal source code access
                        Security is easier to manage when only one component is impacted
                        Furthermore, the kernel source code is under GPL license, which guarantee its availability

Thales Communications & Security
15 / 23                                                Why we didn’t choose SELinux

       About the impact of SELinux on the user-space
                 SELinux depends on the libselinux, a user-space library which
                  needs to be cross-compiled and deployed in the system
                 User-space applications have to be linked against the libselinux

       On SELinux policy management
                 SELinux security contexts management is harder to configure and
                  some new security policies need to be defined for Android
                  Activities

Thales Communications & Security
16 / 23                                    What we have enabled from GRSecurity in Android 1/3

   Most important features of the GRSecurity/PaX patch
     Chroot advanced enhancements

     RBAC policy support with advanced learning mode

     Modules auto-loading hardening

     kernel threads and behavior hiding

     advanced RLIMIT NPROC support

     advanced logging

     Trusted Path Execution (TPE) mode

     Advanced uid & gid filtering for network access

     Logging overload protections

     kernel memory protection Null pointer exception protection

     NˆX bit software emulation various ELF protections and randomization

Thales Communications & Security
17 / 23                                    What we have enabled from GRSecurity in Android 2/3

   Enabled official GRSecurity features
     Chroot advanced enhancements          (need to be tested)

     RBAC policy support with advanced learning mode        (Binder integration need to be implemented)

     Modules auto-loading hardening

     kernel threads and behavior hiding

     advanced RLIMIT NPROC support           (Not tested. Android needs have to be measured first)

     advanced logging

     Trusted Path Execution (TPE) mode       (Not tested at all)

     Advanced uid & gid filtering for network access      (Need functionnal RBAC policy)

     Logging overload protections

     kernel memory protection Null pointer exception protection

     NˆX bit software emulation various ELF protections and randomization     (JIT & prelinking incompatibilities)

Thales Communications & Security
18 / 23                                    What we have enabled from GRSecurity in Android 3/3

            How did we select which security feature to enable
               Some are specially difficult to manage
                        PaX memory management
               Some will need Android-specific modifications
                        Efficient RBAC based network access filtering
               Some are being deployed on new up-to-date hardware and
                software targets

Thales Communications & Security
19 / 23                                                                    Currently working features 1/2

       Detecting Activity creation
               Detecting Zygote behaviour when creating a new task

       Integrating basics

               Kernel threads and memory protections
               chroot enhancement
                        for native apps, not yet tested

               Simple white listing for Android Activities
                        execution authorization, depending on the application name defined by Zygote

       Advanced Android-specific

               Sandboxing Dalvik
                        scope limitation to Dalvik processes only
               Layout randomization for non-dalvik processes using glibc
                         currently in progress

Thales Communications & Security
20 / 23                                                 Currently working features 2/2

        Since Dalvik processes can be detected efficiently,
       other security add-ons (like white-listing) have been easier
       to deploy

        Nevertheless, defining correct security policy for some
       activities/providers/managers is not easy :
               The com.android.settings activity configures the system and needs
                to access every part of it and is, because of that, difficult to
                manage

Thales Communications & Security
21 / 23                                                                          Other works

       Taintdroid
               Detecting any access to sensitive informations by installed
                applications
                        Dalvik, libcore and vold have been patched
                        Not tested by us

       Other existing solutions
               Application allowing the user to reduce permissions asked during
                application installation
                        User friendly permissions management per application
                        The user select how restrictive permissions should be
                        Unkown impact on the dalvik and bionic source code
                        Not tested by us

Thales Communications & Security
22 / 23                                                                  Conclusion

       Status of work
               Grsecurity is a kernel security patch, which need to be ported to
                various Android kernel version
               This means that the kernel should be recompiled and flashed
                on the targets, which is not always easy
               GRSecurity-based devices are efficiently protected when
                associated with a controlled infrastructure (i.e. market, VPN…)
               GRSecurity-based devices security needs to be validated
                against existing known vulnerabilities

Thales Communications & Security
23 / 23                                 Questions ?

     Picture source: wheb.ac-reims.fr

Thales Communications & Security
24 / 23                                      References

            https://grsecurity.net

            https://developer.android.com

Thales Communications & Security
You can also read
Leonardo e le PMI, il prossimo evento del Roadshow - Torino, 4 Luglio 2019 - CYBER SECURITY DIVISION - ETSI
Leonardo e le PMI, il prossimo evento del Roadshow - Torino, 4 Luglio 2019 - CYBER SECURITY DIVISION - ETSI
C / C++ Developer - Bachmann electronic
C / C++ Developer - Bachmann electronic
SAP Innovation Awards 2018 Entry Pitch Deck - Talent Exchange - a custom SAP Cloud Platform solution ExxonMobil
SAP Innovation Awards 2018 Entry Pitch Deck - Talent Exchange - a custom SAP Cloud Platform solution ExxonMobil
Kishoge Community College Admissions Policy 2020
Kishoge Community College Admissions Policy 2020
DEVELOPING WINDOWS MOBILE APPLICATIONS - TOM SLEE SQL ANYWHERE PRODUCT MANAGEMENT AUGUST 2009
DEVELOPING WINDOWS MOBILE APPLICATIONS - TOM SLEE SQL ANYWHERE PRODUCT MANAGEMENT AUGUST 2009
Adhesives Adhesives selector guide - General Adhesivos
Adhesives Adhesives selector guide - General Adhesivos
MATURE-AGE ENTRY SCHEME 2018 - The University of Sydney
MATURE-AGE ENTRY SCHEME 2018 - The University of Sydney
Town of Lexington Community Preservation Committee Report to - Lexington, MA
Town of Lexington Community Preservation Committee Report to - Lexington, MA
Ohio University Computer Services Center
Ohio University Computer Services Center
The only Self Storage management software you need.
The only Self Storage management software you need.
STRATUS FTSERVICES FOR FTSERVER PLATFORMS - INSOURCE SOLUTIONS
STRATUS FTSERVICES FOR FTSERVER PLATFORMS - INSOURCE SOLUTIONS
Vehicle Standards Information - NSW Government
Vehicle Standards Information - NSW Government
Charlotte Cooke Called to the Bar 2008 - South Square
Charlotte Cooke Called to the Bar 2008 - South Square
MEETING HIPPA COMPLIANCE RULES WITH LOGMEIN - LOGMEIN WHITE PAPERS
MEETING HIPPA COMPLIANCE RULES WITH LOGMEIN - LOGMEIN WHITE PAPERS
SUBMIT A PERMIT REQUEST ON DEVHUB - DEVELOPMENT HUB PDX
SUBMIT A PERMIT REQUEST ON DEVHUB - DEVELOPMENT HUB PDX
2020 Northern Neck Vegetable Growers Association Scholarship Program
2020 Northern Neck Vegetable Growers Association Scholarship Program
The Global Remote Work Productivity Tracker - VOLUME 4: THE EMERGENCE OF COLLABORATION APP SPRAWL - Aternity
The Global Remote Work Productivity Tracker - VOLUME 4: THE EMERGENCE OF COLLABORATION APP SPRAWL - Aternity
CANADA-BRAZIL IMMERSIVE MEDIA INCENTIVE - By Canada Media Fund and SP CINE GUIDELINES
CANADA-BRAZIL IMMERSIVE MEDIA INCENTIVE - By Canada Media Fund and SP CINE GUIDELINES
CANADA-SOUTH AFRICA CO- DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2019
CANADA-SOUTH AFRICA CO- DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2019
EXCELLENCE THROUGH EDUCATION 2020 - 2021 - Aspire Business ...
EXCELLENCE THROUGH EDUCATION 2020 - 2021 - Aspire Business ...
Boorley Park Primary School (Wildern Multi Academy Trust) Admission Arrangements for 2019-2020
Boorley Park Primary School (Wildern Multi Academy Trust) Admission Arrangements for 2019-2020
CALL FOR PROPOSALS 2016-2018 - "FONDATION ARTHRITIS & CLARINS WORLDWIDE 2016"
CALL FOR PROPOSALS 2016-2018 - "FONDATION ARTHRITIS & CLARINS WORLDWIDE 2016"
MARKLOGIC AND RUBY WITH ACTIVEDOCUMENT - DEVELOPER LOUNGE LAB - USER CONFERENCE 2011
MARKLOGIC AND RUBY WITH ACTIVEDOCUMENT - DEVELOPER LOUNGE LAB - USER CONFERENCE 2011
The game changer for South Africa's oldest bank
The game changer for South Africa's oldest bank
2021 Georgia PGA Foundation Scholarship Program Information and Application - Georgia PGA Foundation Murray Golf House 2205 Northside Drive NW ...
2021 Georgia PGA Foundation Scholarship Program Information and Application - Georgia PGA Foundation Murray Golf House 2205 Northside Drive NW ...
SSL for Apps Best Practices for Developers - White Paper
SSL for Apps Best Practices for Developers - White Paper
HELLO, MY NAME IS SMARTTRAM, HUMAN FACTORS IS ON BOARD, ENJOY THE RIDE! DEVELOPING A HUMAN FACTORS PROGRAM FOR AUTOMATIC TRAMS
HELLO, MY NAME IS SMARTTRAM, HUMAN FACTORS IS ON BOARD, ENJOY THE RIDE! DEVELOPING A HUMAN FACTORS PROGRAM FOR AUTOMATIC TRAMS
Aalto University School of Electrical Engineering Information sheet 2020-2021 - ETSIT
Aalto University School of Electrical Engineering Information sheet 2020-2021 - ETSIT
Introduction to E-Learning Technologies - Prof. dr. Paul De Bra Dr. ir. Natalia Stash
Introduction to E-Learning Technologies - Prof. dr. Paul De Bra Dr. ir. Natalia Stash
Specifications 2021 - Weischer.Media
Specifications 2021 - Weischer.Media
Training Support Programme - For NAFA 2021 Fresh Graduates - Centre for Lifelong Education - Nanyang Academy of Fine Arts
Training Support Programme - For NAFA 2021 Fresh Graduates - Centre for Lifelong Education - Nanyang Academy of Fine Arts
Switzerland: Banking, Finance, and Social Responsibility - Fall 2021 - SIT Study Abroad
Switzerland: Banking, Finance, and Social Responsibility - Fall 2021 - SIT Study Abroad
Admissions Policy 2019/20 - Studfall Infant Academy
Admissions Policy 2019/20 - Studfall Infant Academy
KING'S SCHOLARSHIP 2019 - Eton College
KING'S SCHOLARSHIP 2019 - Eton College
2021 Bridging Programme for Advanced Diploma (Logistics) - CONTINUING EDUCATION PROGRAMME (CEP) - UJ
2021 Bridging Programme for Advanced Diploma (Logistics) - CONTINUING EDUCATION PROGRAMME (CEP) - UJ
ALLEYNIAN SCHOLARSHIP PROGRAMME (IB DIPLOMA) GUIDE
ALLEYNIAN SCHOLARSHIP PROGRAMME (IB DIPLOMA) GUIDE
India: Sustainable Development and Social Change Spring 2020 - SIT Study Abroad
India: Sustainable Development and Social Change Spring 2020 - SIT Study Abroad
Applying for Access Access Services
Applying for Access Access Services
COMMUNITY GRANTS PROGRAM 2020-2021 - Frequently Asked Questions - Glen Eira ...
COMMUNITY GRANTS PROGRAM 2020-2021 - Frequently Asked Questions - Glen Eira ...
O2O JAMES SAMPSON REGIONAL HEAD, STRATEGY & PARTNERSHIPS, GRABADS - MOBILE MARKETING ASSOCIATION
O2O JAMES SAMPSON REGIONAL HEAD, STRATEGY & PARTNERSHIPS, GRABADS - MOBILE MARKETING ASSOCIATION
Direction after completing the application: Print screen of page one and paste it into an email. Continue the process with pages 2-4. Attach ...
Direction after completing the application: Print screen of page one and paste it into an email. Continue the process with pages 2-4. Attach ...
GRID CONNECTED AND STAND-ALONE PHOTOVOLTAIC SYSTEMS
GRID CONNECTED AND STAND-ALONE PHOTOVOLTAIC SYSTEMS
OUTNOW! 2019 International Performing Arts Festival From June 7 to 10, 2019 A cooperation project of the Schwankhalle and Theater Bremen - sch wa ...
OUTNOW! 2019 International Performing Arts Festival From June 7 to 10, 2019 A cooperation project of the Schwankhalle and Theater Bremen - sch wa ...
THE VALUE OF CONNECTED APPLICATIONS
THE VALUE OF CONNECTED APPLICATIONS
CANADA-SOUTH AFRICA CO- DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2018
CANADA-SOUTH AFRICA CO- DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2018
CANADA-SOUTH AFRICA CO-DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2021-2022
CANADA-SOUTH AFRICA CO-DEVELOPMENT INCENTIVE FOR TELEVISION PROJECTS GUIDELINES 2021-2022
Regirer Nursing Scholarship 2021 Application - Presented by the Commonwealth Long Term Care Foundation - Virginia ...
Regirer Nursing Scholarship 2021 Application - Presented by the Commonwealth Long Term Care Foundation - Virginia ...
Exchange Fact Sheet 2020-2021 - University of San Diego
Exchange Fact Sheet 2020-2021 - University of San Diego
Thomas Edison High School of Technology
Thomas Edison High School of Technology
The Tile Contractors' Association of America's 2019 Architecture/Interior Design Scholarship for Professional Degree Candidates
The Tile Contractors' Association of America's 2019 Architecture/Interior Design Scholarship for Professional Degree Candidates
We use cookies. Please refer to the Privacy Policy.