Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.

Published byAshlee Craig Modified over 8 years ago

Similar presentations

Presentation on theme: "Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java."— Presentation transcript:

1 Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Inc. pragati.rai@paypal.com @pragatiogal Java Conference, Bangalore, Dec 8, 2012

2 Agenda  Java 2 Security Model  Android Security Model  Summarize

3 Java 2 Security Model

4 Java  Developed by Sun Microsystems in the early 1990s  Platform Independent  Compiled to bytecode that runs on a Virtual Machine  “Java is Secure”

5 Java 2 Security Model  Platform Security  Crypto APIs  Authentication & Access Control APIs  Secure Communication APIs  Key Management APIs

6 Java Language Security  Programs cannot access arbitrary memory locations  Variables cannot be used before initialization  Access methods are strictly adhered to  Entities declared final must not be changed  Objects cannot be arbitrarily cast into other objects  Array bounds must be checked on all array accesses

7 Java 2 Platform Security Model Remote Class FilesLocal Class FilesSigned Class Files Bytecode Verifier Class Loader Core API Class Files Core Java API Security Package Key Database Operating System Security Manager Access Controller

8 Java 2 Sandbox Model Fine grained access control Configurable Security Policy No built-in concept of trusted local code

9 Security Policy File Example // If the code is signed by ”Pragati", grant it read/write access to all //files in /tmp/pragati grant signedBy ”Pragati" { permission java.io.FilePermission "/tmp/pragati/*", "read,write"; }; // If the code is signed by ”John", grant it read/write access to all //files in /tmp/john grant signedBy ”John" { permission java.io.FilePermission "/tmp/john/*", "read,write”; }; // Grant everyone the following permission: grant { permission java.io.FilePermission "/tmp/pragati/*", "read"; }; ………….. ……….

10 Protection Domain Domain name “Pragati” Pragati’s certificate Read/write access to /temp/pragati/* Domain name “John” John’s certificate Read/write access to /temp/john/* Read access to /temp/pragati/* ………….. ………. Protection Domain = Code Source + Permission

11 Java 2 Security Model  All code runs in a sandbox  All classes are loaded with full bytecode verification  All classes are loaded with Java language features  Signed classes verify the integrity and origination of Java classes  Security policy provides fine-grained access  Crypto APIs

12 The Android Stack

13 Android  Open Platform  First phone based on Android came out in 2009  75% smartphone market share as of October 1 1: idc.com

14 Android Security Model  Platform Security  Crypto APIs  Secure Communication APIs  Key Management APIs

15 Install Time User Consent

16 Android OS Architecture http://developer.android.com

17 Linux Kernel  Unique UID and GID for each application at install time  Sharing can occur through component interactions  Linux Process Sandbox

18 Linux Kernel (Cont’d) include/linux/android_aid.h AID_NET_BT3002Can create Bluetooth Sockets AID_INET3003Can create IPv4 and IPv6 Sockets

19 Middleware  Libraries for code execution  Libraries for services  Take care of device specific issues  Compiled to machine language  Native and Java code

20 Java Virtual Machine?  There is no JVM in Android platform  No bytecode is executed  JAR file will not run on Android platform

21 Dalvik Virtual Machine  Dalvik does not align to Java SE or Java ME  Library built on a subset of the Apache Harmony Java  Highly optimized VM to support multiple VM instances  Register based architecture  Shared constant pool  Executes Dalvik executables (.dex)

22 Dalvik Virtual Machine  No security manager  Permissions are enforced in OS and not in VM  As of Android 2.2 Dalvik has a JIT compiler  Dalvik Bytecode verification mainly for optimization  GC for each VM instance

23 Android Application Structure  Application is made of components  Activity: Define screens  Service: Background processing  Broadcast Receiver: Mailbox for messages from other applications  Content Provider: Relational database for sharing information  Applications communicate through Intents  Secure RPC using Binder  AndroidManifest.xml defines policy for application

24 Permission Protection Levels  Normal android.permission.VIBRATE com.android.alarm.permission.SET_ALARM  Dangerous android.permission.SEND_SMS android.permission.CALL_PHONE  Signature android.permission.FORCE_STOP_PACKAGES android.permission.INJECT_EVENTS  SignatureOrSystem android.permission.ACCESS_USB android.permission.SET_TIME All components are secured by permissions Developers can define their own permissions as well

25 Application Layer Security  Permissions restrict component interaction  Permission labels defined in AndroidManifest.xml  Applications are self-signed; no CA required  Signatures define persistence and authorship

26 Android Security Model  Linux process sandbox  Permission based component interaction  Dalvik is not a security boundary  All applications need to be signed  Signature define persistence and authorship  Install time security decisions  Crypto APIs

27 Summary

28 Install Time Check Who are you? What do you want to do?

29 Sandbox Based on permissions, code sources, policy, keystore, protection domains Process Sandbox

30 Signature Identity and Trust Authorship and Persistence

31 Permissions Enforced by VM Enforced by OS

32 Protection Domain Code Sources + Permissions Process

33 Virtual Machine Is a security boundary Is NOT a security boundary

34 Thank you! pragati.rai@paypal.com @pragatiogal http://www.slideshare.net/pragatiogal

Download ppt "Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Introduction.  Professor  Adam Porter 

Introduction.  Professor  Adam Porter 
Android architecture overview

Android architecture overview
Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.

Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)

Java security (in a nutshell)
COEN 351: E-Commerce Security

COEN 351: E-Commerce Security
Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)

Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)
Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.

Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.

Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.

Similar presentations

Ads by Google