Date post: | 29-Dec-2015 |
Category: |
Documents |
Upload: | samson-malone |
View: | 224 times |
Download: | 4 times |
AndroidiOSWindows MobileSymbian ?RIM (Blackberry)?
Common Mobile OS
The good
The bad (challenges) must support different hardware
(phones, netbooks, GoogleTV, cameras, Google glass…)
built on top of Linux kernel apps largely written in Java (Apache Harmony) open source
version proliferation(Cupcake, Donut, Éclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat …)
application piracy
legal issues
Security a priority in the software life cycle
Mandatory app sandbox
Application signing
Other
each process is a subject & has its own ID safe mode ensures the system partition is read-only the API includes common encryption ciphers
the kernel intercepts common software vuls (buffer overflow, integer overflow, heap corruption, format string errors) hardware-based Never eXecute
user consulted to grant permission to new app
every application must be signed with a public key
CA not required and no CA verification is currently performed
iOSiOSLayers of Security
secure boot process
secure system install/upgrade
app security
runtime protections
file encryption
passcode security
support for network security standards
iOSiOSSecure Boot Process
1) run boot program (integrity guaranteed by ROM)
2) Remaining system code is signed by Apple
3) Recovery to iTunes if necessary
Boot Program
ApplePublicKey
iOSiOSSystem install/upgrade
iOSiOS
app security
provided software (Mail, Safari, etc.) signed by Apple
other apps from registered developers are signedApple supplies certificates to registered developers.
firms can use Apple service for in-house only software
runtime protections
each app has its own home directory for files
most processes run in a non-privileged mode
all OS code is in read-only memory
processes are assigned to random memory locations
iOSiOSfile encryption
crypto engine for AES-256 and SHA-1
There is also a random numbergenerator using interrupt timing.
Each file encrypted with _________ key
Each file's metadata includes wrapped per-file key and class key encrypted with ____________ key
UID | GIDUID | GID
Each per-file key is wrapped (encrypted) with _________ key
Each class key is encrypted with UID (and possibly a passcode)
iOSiOS
passcode security
The passcode is "tangled with UID
Passcode checking ________ to 80 msec.
iOSiOSsupport for network standards
secure low-level protocols (SSL, TLS)
secure higher-level VPN (L2TP, PPTP)
wi-fi via 128-bit AES encryption
…and many others