l4 android slides
TRANSCRIPT
![Page 1: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/1.jpg)
L4Android: A Generic Operating System Framework for Secure Smartphones
Presented by:Irfan sheikhAbu bakr Eirabie
![Page 2: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/2.jpg)
CONTENTSSmartphonesFour challenges in smartphone securityL4 Android Framework Introduction of AndroidAndroid ArchitectureThreats in Android ArchitectureMonolithic ArchitectureHow L4 Android Frame work helps?Virtual MachinesNFCHow L4 Android will solve the security problems?
![Page 3: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/3.jpg)
![Page 4: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/4.jpg)
Smartphone“A smartphone is a mobile phone built on a
mobile computing platform, with more advanced computing ability and connectivity then a feature phone” – Wikipedia
Smartphones are devices that can take care of all of your handheld computing and communication needs in a single, smart package.
When a different set of standards are applied for cellphones to fulfill your daily requirements, that becomes a smartphone
![Page 5: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/5.jpg)
Advantages of SmartphonesNever out of touchBetter information sharing Greater functionalityFaster Communication etc
![Page 6: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/6.jpg)
Smartphones replacing Computers
• Google believes that in three years or so smartphones will replace desktops as the primary way consumers retrieve
information and entertainment
As this chart from Silicon Valley Insider shows smartphone sales are increasing rapidly
![Page 7: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/7.jpg)
Four challenges in smartphone security…
![Page 8: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/8.jpg)
Four challenges in smartphone securitySecure Software Smartcards: which is
used for NFC applications or software SIM cards
Unified Corporate and Private Phone: shows how the business and the private phone can be securely combined on one device
Mobile Rootkit Detection, a technology that was previously restricted to desktop computers
Hardware Abstraction Layer (HAL):giving programs direct access to the hardware resources.
![Page 9: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/9.jpg)
NFC ?
![Page 10: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/10.jpg)
What is NFC(near field communication)?Short range wireless communication
technology b/w electronic devicesUsed in mobile devices
![Page 11: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/11.jpg)
L4 Android Framework
![Page 12: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/12.jpg)
L4 Android:
“is a framework to maximize the security of Android. This framework help us how to solve Security problems “Goal: is to run Android in a virtual machine on top of the microkernel
![Page 13: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/13.jpg)
MicrokernelDesign principles _maintenance of system security is implemented in kernel – Implement only functionality in kernel that cannot be implemented at user level Everything else in user space – Hardware enforced isolation boundaries Address spaces – Fast communication (IPC) –Improvements over monolithic kernels (such as Linux) – Fault isolation: limit scope of faultsScheduling: execute real-time applications beside non-
real-time applications
![Page 14: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/14.jpg)
L4Android.org• Open Source Project• See l4android.org for details
![Page 15: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/15.jpg)
![Page 16: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/16.jpg)
What is Android???
Android = operating system + middleware + key applications
![Page 17: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/17.jpg)
Introduction…Android is an open source platform
developed under the open handset alliance to enable faster development of mobile applications and provisions of services to the users.
Google is the leading company to develop and promote android, however there are other companies as well who are involved in the development of android.
![Page 18: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/18.jpg)
Android Architecture
![Page 19: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/19.jpg)
Android Architecture
19
![Page 20: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/20.jpg)
ApplicationAll applications are written using the java
programming language.Core applications include –
Email clientSMS programcalendarMapsBrowserContacts etc.
![Page 21: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/21.jpg)
Application FrameworkUnderlying all applications is a set of services
and systems, including:ViewsContent providersResource managerNotification managerActivity manager
![Page 22: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/22.jpg)
Android RuntimeEvery android application runs in its own
process, with its own instance of the Dalvik Runtime machine.
Dalvik has been written so that a device can run multiple VMs efficiently.
![Page 23: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/23.jpg)
Linux kernelAndroid relies on Linux version 2.6 for core
system services such as security, memory management, process management, network stack, and driver model.
![Page 24: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/24.jpg)
LibrariesIncludes a set of C/C++ libraries used by
various components of the android system.Some of the core libraries are System C
library, Media library, surface manager, libWebcore, SGL, 3D libraries, Freetype, SQLite.
![Page 25: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/25.jpg)
Threats in this Android Architecture…
![Page 26: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/26.jpg)
Threats in this Android Architecture Delayed System Updates security critical software updates are delayed or not deployed at all
In software security the time span from the discovery of a vulnerability until the deployment of the security patch is critical. During this time span the system is vulnerable and attackers race to create exploits
Linux Kernel: Android is based on the Linux kernel. Linux implements a monolithic All kernel components, including device drivers, run in kernel mode no isolation between components is provided. Any kernel bug that can be exploited enables an attacker to modify kernel memory,
Rooted PhonesRooting is the process that overcomes the kernel’s integrity barrier. The modified kernel might disable Android security measures, contain malware such as key loggers, or subtly alter the system’s behavior to leak private information.
Android Permission SystemAt installation time an application can request permission to access system resources such as location, Internet, or the cellular network, from the user. The user is then presented with a screen allowing him to either grant all the permissions or cancel the installation. It is not possible to selectively accept or deny accessprivileges. Thus, many users simply accept such permission requests without considering their implications
![Page 27: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/27.jpg)
Monolithic Architecture?
![Page 28: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/28.jpg)
Monolithic ArchitectureMonolithic Architecture—the early operating
systems
Every component is contained in the kernel, can directly communicate with other components
Computer Hardware
OS Layer
User SpaceApplications
System Calls
![Page 29: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/29.jpg)
Drawbacks of monolithic architecture?
![Page 30: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/30.jpg)
Draw Backs?Monolithic architecture of Android is the main reason
for its security problemsA bug in one of them is enough for an attacker to tamper
with any part of the component and to leverage all of its permissions.
The design of our OS frameworks is based on the principle of divide and conquer.
Dividing monolithic systems into smaller subsystems is a complex task, because these subsystems have complex dependencies with one another
This problem is prominent with OS kernels. Therefore it is not possible to apply our OS construction mechanism to existing OSes.
![Page 31: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/31.jpg)
How L4 Android Frame work helps?
![Page 32: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/32.jpg)
Solution So L4 Android framework provides Virtual Machines to run existing systems. Security conscious applications are implemented outside of the VM.
![Page 33: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/33.jpg)
Virtual Machines ?…
![Page 34: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/34.jpg)
Virtual MachinesCan create the
illusion that there are more than one separate machines
An instance of Android is run inside a virtual machine to secure kernel from attacks.
Computer Hardware
Virtual machine implementation
Kernel
User Space
VM1
Kernel
User Space
VM1
User Space
Host Operating System
![Page 35: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/35.jpg)
How L4 Android will solve the security problems?
![Page 36: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/36.jpg)
How L4 Android will solve the security problems? Software SmartcardL4 Android framework facilitates the secure implementation of smartcard functionality in software via download, thus minimizing the cost of including physical smartcards and their readers in phone housing.
Unified Corporate and Private Phone: It shows how a private and a business phone can be unified in one device in a secure manner, using virtual machines to run multiple instances of android.
Mobile Rootkit Detection: It describes how our framework enables rootkit detection on mobile devices. Rootkit detectors are isolated a layer below target OS so that a compromised kernel cannot be exploited further.
Hardware Abstraction: It’s purpose to implement device specific drivers in a layer below Android. This allows Google to supply generic kernel versions that are readily applicable to all devices, which allows for much faster security updates.
![Page 37: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/37.jpg)
![Page 38: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/38.jpg)
THANK YOU
![Page 39: L4 Android Slides](https://reader034.vdocument.in/reader034/viewer/2022042515/5450ae8bb1af9ffd328b4bf8/html5/thumbnails/39.jpg)
Queries?