Table Of Content

SSyyrraaccuussee UUnniivveerrssiittyy SSUURRFFAACCEE Dissertations - ALL SURFACE December 2016 UUnnddeerrssttaannddiinngg aanndd IImmpprroovviinngg SSeeccuurriittyy ooff tthhee AAnnddrrooiidd OOppeerraattiinngg SSyysstteemm Edward Paul Ratazzi Syracuse University Follow this and additional works at: https://surface.syr.edu/etd Part of the Engineering Commons RReeccoommmmeennddeedd CCiittaattiioonn Ratazzi, Edward Paul, "Understanding and Improving Security of the Android Operating System" (2016). Dissertations - ALL. 592. https://surface.syr.edu/etd/592 This Dissertation is brought to you for free and open access by the SURFACE at SURFACE. It has been accepted for inclusion in Dissertations - ALL by an authorized administrator of SURFACE. For more information, please contact surface@syr.edu. ABSTRACT Successfulrealizationofpracticalcomputersecurityimprovementsrequiresanunderstanding andinsightintothesystem’ssecurityarchitecture,combinedwithaconsiderationofend-users’ needsaswellasthesystem’sdesigntenets.InthecaseofAndroid,asystemwithanopen, modulararchitecturethatemphasizesusabilityandperformance,acquiringthisknowledgeand insightcanbeparticularlychallengingforseveralreasons.InspiteofAndroid’sopensource philosophy,thesystemisextremelylargeandcomplex,documentationandreferencematerials arescarce,andthecodebaseisrapidlyevolvingwithnewfeaturesandfixes.Tomakematters worse,thevastmajorityofAndroiddevicesinusedonotruntheopensourcecode,butrather proprietaryversionsthathavebeenheavilycustomizedbyvendorsforproductdifferentiation. Proposingsecurityimprovementsormakingcustomizationswithoutsufficientinsightintothe systemtypicallyleadstoless-practical,less-efficient,orevenvulnerableresults.Pointsolutionsto specificproblemsriskleavingothersimilarproblemsinthedistributedsecurityarchitecture unsolved.Far-reachinggeneral-purposeapproachesmayfurthercomplicateanalreadycomplex system,andforceend-userstoenduresignificantperformanceandusabilitydegradations regardlessoftheirspecificsecurityandprivacyneeds.Inthecaseofvendorcustomization, uninformedchangescanintroduceaccesscontrolinconsistenciesandnewvulnerabilities.Hence, thelackofmethodologiesandresourcesavailableforgaininginsightaboutAndroidsecurityis hinderingthedevelopmentofpracticalsecuritysolutions,soundvendorcustomizations,and end-userawarenessoftheproprietarydevicestheyareusing. Addressingthisdeficiencyisthesubjectofthisdissertation.Newapproachesforanalyzing, evaluatingandunderstandingAndroidaccesscontrolsareintroducedandusedtocreatean interactivedatabaseforusebysecurityresearchersaswellassystemdesignersandend-user productevaluators.Casestudiesusingthenewtechniquesaredescribed,withresultsuncovering problemsinAndroid’smultiuserframeworkandvendor-customizedSystemServices.Finally,the newinsightsareusedtodevelopandimplementanovelvirtualization-basedsecurity architecturethatprotectssensitiveresourceswhilepreservingAndroid’sopenarchitectureand expectedlevelsofperformanceandusability. UNDERSTANDING AND IMPROVING SECURITY OF THE ANDROID OPERATING SYSTEM by Edward Paul Ratazzi B.S.,RensselaerPolytechnicInstitute,1987 M.S.,SyracuseUniversity,1992 M.S.,RensselaerPolytechnicInstitute,2006 DISSERTATION Submittedinpartialfulfillmentoftherequirementsforthedegreeof DoctorofPhilosophyinElectrical&ComputerEngineering SyracuseUniversity December2016 ThisisaworkoftheU.S.GovernmentandisnotsubjecttocopyrightprotectionintheUnited States.Foreigncopyrightsmayapply. DISCLAIMER Theviewsexpressedinthisdissertationarethoseoftheauthoranddonotreflecttheofficial policyorpositionoftheUnitedStatesAirForce,DepartmentofDefense,ortheU.S.Government. v Dedicatoamiononno,EdwardRatazzi,Sr. — Dedicatedtomygrandpop,HenryPaul,Jr. vi Acknowledgments Mydeepestgratitudegoestothosearoundmewhomadecompletingthisdissertationpossible. First,tomyadvisor,Prof.WenliangDu.EventhoughImetyouwithacareer’sworthofexperience alreadybehindme,yourinsightsaboutconductingresearch,distillingproblemsandcritical thinkinghavechangedmyprofessionallife.IwillconsidermyselfagreatsuccessifIcanpassalong toothersevenafractionofwhatIlearnedfromyou.Iamespeciallythankfulforyourpatience, approachability,friendlystyle,andunderstandingofmyoutsidecommitmentstoworkandfamily. Tomydefensecommittee,Prof.JoonPark,Prof.Shiu-KaiChin,Prof.JianTang,Prof.YuzheTang, andProf.HengYin,fortakingtimeoutofyourbusyschedulestoreadthisdissertation,provide valuablefeedbackandserveonmycommittee. TotheInformationDirectorateoftheAirForceResearchLaboratoryforitscommitmentto career-longlearningandprofessionaldevelopment.Tomypastandpresentcolleaguesthere, includingDr.WarrenDebany,Jr.,Dr.KamalJabbour,Dr.DavyBelk,JoeCamera,Lt.Col.David Bibighaus,Dr.DanPease,andDr.LokYan.Yousupportedandguidedmyreturntograduate school,andprovidedmuch-neededencouragementalongtheway.Iamparticularlyindebtedto mysupervisorandfriend,JimPerretta.Forthelastfouryearsyouhaveshelteredmefrommany day-to-daydistractionssothatIcouldfocusonconductinganddocumentingmyin-house research.NowthatIamdone,Ihopetorisetothenewchallengesandopportunitiesyour leadershipbringstome. TothecurrentandformerstudentsoftheComputerSecurityResearchGroupatSyracuse, vii especiallyAmitAhlawat,FrancisAkowuah,AshokBommisetti,NianJi,Dr.YousraAafer,Dr.Xiao Zhang,JiamingLiu,KailiangYing,YifeiWang,HaoHao,HaichaoZhang,andLushaWang.Iamin aweofyourtechnicalskillsandgratefulforthecountlesshoursofdiscussionswe’vehad,bothin groupmeetingsandone-on-one.Iwishyouallthebestandhopewecancollaborateagaininthe future. ToeveryoneattheGriffissInstitute,especiallyBillWolf,ReganJohnson,TracyDiMeo,Dr.Josh White,andJimHanna.Youprovidedacomfortable,quietandwell-connectedenvironmentin whichtostudy,research,collaborate,andwrite.Withoutyoursupport,completingthis dissertationwouldhavebeentremendouslymoredifficultandlengthy. Tomyparents,RandaandEdRatazzi.Byexample,youtaughtmethevalueofeducation,theneed forperseverance,andtheimportanceofoptimism,allingredientsIfoundtobeessentialfor completingmystudies. Finallyandmostimportantly,tomywifeShirleyandchildrenEmilyandNicholas.Youencouraged mewhenthingsweretough,cheeredmysuccesses,andmadecountlesssacrificesalongtheway. Yourloveandconfidencearethecornerstoneofthisandallotheraccomplishmentsofmine. Syracuse,NewYork December2016 viii Contents Abstract i ListofFigures xiv ListofTables xvi 1 Introduction 1 1.1 Securityenhancementsproposedbythescientificliterature . . . . . . . . . . . . . . 3 1.2 Securityenhancementsavailabletoend-users . . . . . . . . . . . . . . . . . . . . . 4 1.3 ThesisandContributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.4 Dissertationorganization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2 Background 10 2.1 UniquenessofMobileDevices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 TutorialonAndroidSecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2.1 Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2.2 Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.2.3 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2.4 Run-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.5 Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 AndroidAccessControlEvaluationMethodology 20 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.1 ThreatModel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 ix

Description:
Test Results. I MotoX- . Test Results. J Linux Namespaces Analysis. J. Background . /proc/sys/net/ipv6/neigh/bridge0/retrans_time_ms. I/Netd.
ebook img

Understanding and Improving Security of the Android Operating System PDF

290 Pages·2017·7.88 MB·English
by  
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Download Understanding and Improving Security of the Android Operating System PDF Free - Full Version

by Unknow| 2017| 290 pages| 7.88| English

Download Understanding and Improving Security of the Android Operating System by in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Understanding and Improving Security of the Android Operating System

Test Results. I MotoX- . Test Results. J Linux Namespaces Analysis. J. Background . /proc/sys/net/ipv6/neigh/bridge0/retrans_time_ms. I/Netd.

Detailed Information

Author:Unknown
Publication Year:2017
Pages:290
Language:English
File Size:7.88
Format:PDF
Price:FREE
Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Understanding and Improving Security of the Android Operating System Download?

  • 100% Free: No hidden fees or subscriptions required for one book every day.
  • No Registration: Immediate access is available without creating accounts for one book every day.
  • Safe and Secure: Clean downloads without malware or viruses
  • Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
  • Educational Resource: Supporting knowledge sharing and learning

Free Books Similar to Understanding and Improving Security of the Android Operating System

Frequently Asked Questions

Is it really free to download Understanding and Improving Security of the Android Operating System PDF?

Yes, on https://PDFdrive.to you can download Understanding and Improving Security of the Android Operating System by completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Understanding and Improving Security of the Android Operating System on my mobile device?

After downloading Understanding and Improving Security of the Android Operating System PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Understanding and Improving Security of the Android Operating System?

Yes, this is the complete PDF version of Understanding and Improving Security of the Android Operating System by Unknow. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Understanding and Improving Security of the Android Operating System PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
We use cookies

We use cookies to ensure you get the best browsing experience on our website. By clicking "Accept Cookies", you agree that we can store cookies on your device in accordance with our Terms and Privacy.

DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users