SlideShare uma empresa Scribd logo

Mr201305 tizen security_eng

FFRI, Inc.
FFRI, Inc.
Tecnologia
1 de 22
Baixar para ler offline
Fourteenforty Research Institute, Inc. 1 Tizen Security Fourteenforty Research Institute, Inc. http://www.fourteenforty.jp Senior Research Engineer Shuichiro Suzuki
Fourteenforty Research Institute, Inc. • As alternative OS for smartphones and tablets Tizen and Firefox OS are becoming remarkable OS • A vendor in Japan may release a device with Tizen OS in this or next year • In Android security has been concerned after its release • How about the security in new OS? • Research on the security of Tizen • Research in this slides are done by using an emulator in Tizen SDK 2.1 Background 2
Fourteenforty Research Institute, Inc. • Overview – Open source OS for mobile devices – One project in Linux Foundation – Development is mainly lead by Samsung and Intel • Features – Linux based OS – It supports both web and native application development from Tizen 2.0 About Tizen 3
Fourteenforty Research Institute, Inc. Tizen Architecture 4 From http://upload.wikimedia.org/wikipedia/commons/c/c3/What_is_tizen_architecture.png Supports web and native applications
Fourteenforty Research Institute, Inc. • There are 2 application package format – Tizen Package (.tpk) : Native Applications – Tizen Web Package (.wgt) : Web Applications Tizen Package 5
Fourteenforty Research Institute, Inc. • Installed into /opt/apps/(AppId) • AppId is 10 byte length string • Under /opt/apps/(AppId) directory there are – bin/ – data/ – res/ Common Feature of Tizen Web/Native application 6
Fourteenforty Research Institute, Inc. Tizen Web package 7 From https://developer.tizen.org/documentation/articles/tizen-application-packaging-overview • Zip archive with .wgt extension • .wgt file constitutes the structure show below • bin directory has a file which is a symbolic link to Web Runtime (WRT) • A web apllication is hosted by this Web Runtime
Fourteenforty Research Institute, Inc. • Zip archive with .tpk extension • .tpk file constitutes the whole structure under (AppId) dirctory • bin directory has an application binary Tizen Native package 8 https://developer.tizen.org/documentation/articles/tizen-application-packaging-overviewより引用
Fourteenforty Research Institute, Inc. Security 9 • Research on following security features – OS level Security • Access Control • Vulnerability Protection • Content Security Framework – Application Rights Isolation • Privileges • Feature
Fourteenforty Research Institute, Inc. Overview of Access Control 10 • All the processes run with one of 2 UIDs which corresponds following accounts – root – app • Both web and native application run with UID ‘app’ • It has mandatory access control by SMACK – All the applications are labeled by SMACK
Fourteenforty Research Institute, Inc. Using 2 UIDs 11 Kernel Web App1 Web Runtime (UID: app) Web App2 Native App (UID: app) Service (UID: root) Run with UID ‘app’ Processes require high rights run with UID ‘root’
Fourteenforty Research Institute, Inc. Application Isolation 12 All the applications run with UID ‘app’ ↓ Can they access their private file each other?? Access control by SMACK (They cannot access their private file each other by default)
Fourteenforty Research Institute, Inc. • One of the implementations of LSM(Linux Security Modules) • Labeling to Subject (≓ process) and Object (≓ file) and controlled by access rules between them • Example of a rule: SMACK 13 Subject labeled “TopSecret” TopSecret Secret rx To object labeled “Secret” Can read and execute
Fourteenforty Research Institute, Inc. Utilize SMACK Label 14 Kernel Web App1 Web Runtime (UID: app) Web App2 Native App1 (UID: app) Service1 (UID: root) WebApp1 SMACK Label WebApp2 NativeApp1 File1 WebApp1 File2 WebApp2 Cannot access to a file labeled WebApp2 Service1 Run with UID ‘app’ Processes require high rights run with UID ‘root’
Fourteenforty Research Institute, Inc. Vulnerability Protection 15 • Supports native(C/C++) application development from Tizen 2.0 • There may be a typical buffer overflow vulnerability • Main possible protections are ASLR and DEP
Fourteenforty Research Institute, Inc. DEP 16 • Tested following code as a Tizen Native Application int func(){ int a = 10; int b = 20; return a+b; } _EXPORT_ int OspMain(int argc, char *pArgv[]) { AppLog("Application started."); char buf[1024]; int (*f)(); memcpy( buf, (char*)func, 1024); f = (int (*)())buf; int b = f(); ArrayList args(SingleObjectDeleter); args.Construct(); ….. Prepare buffer on the stack Copy func() into the buffer Run the cond on the stack This is executed without any errors DEP is not enabled (on Tizen SDK 2.1 x86 Emulator)
Fourteenforty Research Institute, Inc. ASLR 17 • The value of /proc/sys/kernel/randomize_va_space is 2 – Which means ASLR is enabled • But actually… (Tizen Native App on emulator) – Run a same program 2 times. Main modules, heap and stack addresses in /proc/[pid]/maps are the same -> Not Randomized (On Tizen SDK 2.1 x86 Emulator) • The value of /proc/self/personality is 00040000 (ADDR_NO_RANDOMIZE) – ASLR is disabled by this setting 09e0e000-09e70000 rw-p 00000000 00:00 0 [heap] 09e70000-09f80000 rw-p 00000000 00:00 0 [heap] b36e7000-b36ec000 r-xp 00000000 fe:00 73077 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7.exe b36ec000-b36ed000 rw-p 00004000 fe:00 73077 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7.exe b36ed000-b36f0000 r-xp 00000000 fe:00 73094 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7 b36f0000-b36f1000 rw-p 00002000 fe:00 73094 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7 bfdcf000-bfdf0000 rw-p 00000000 00:00 0 [stack]
Fourteenforty Research Institute, Inc. Applications Content Security Framework(CSF) 18 • This framework makes it easier to provide security check feature into Tizen • CSF defines API and Plug-in interface • Security check feature is provided as a Plugin(libengine.so) • A Plug-in provides features to check file, URL, Web site(HTML, JavaScript) • Applications provides the Plug-in (Security Application Package) must have trusted signature System Libraries Browser Call CSF APIs libengine.so Content Security Framework Installer Security Application Package libengine.so Install CSF Plugin
Fourteenforty Research Institute, Inc. • Privilege – Tizen divides APIs into 3 categories according to its right • Public - All the developers can use • Partner - Partner developers who registered Tizen appliction store can use • Platform - For managing Tizen platform(Limited developers can use) – Application without proper privilege can not use API – Application manifest file has the description of privileges • Feature – This is like a permission on Android platform – Write features to use (Access contacts, camera and so on) in manifest file – Web Runtime has Access Control Engine (ACE) – It controls an access to each features Application Rights Isolation 19
Fourteenforty Research Institute, Inc. Web Application Sandbox 20 Kernel Web Runtime Web Application JavaScript API System Call 2 stage access control via Web Runtime and SMACK SMACK(LSM) Check SMACK Rule WRT Access Control Engine Check Features Rule Even if there is a vulnerability in Web Runtime it can prevent to access to device file to which the process does not have an permission (Have not confirmed that all the access control level is the same between WRT and SMACK rules)
Fourteenforty Research Institute, Inc. • SMACK is the core part of access control in Tizen • It has 2 stage access control with WRT and SMACK for web based application • It can flexibly provides security check feature by Content Security Framework • There may be a classical vulnerability like buffer overflow since it allows to develop an application by native(C/C++) code. • There are some spaces to improve in memory protection such as ASLR or DEP Summary 21
Fourteenforty Research Institute, Inc. • http://download.tizen.org/misc/media/conference2012/tuesday/ballroom -c/2012-05-08-1600-1640-tizen_security_framework_overview.pdf • http://download.tizen.org/misc/media/conference2012/wednesday/seacl iff/2012-05-09-0945-1025- understanding_the_permission_and_access_control_model_for_tizen_applicati on_sandboxing.pdf • http://www.youtube.com/watch?v=GtiAQOo4beg Reference 22

Recomendados

Captain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsCaptain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsenSilo
 
How security broken? - Android internals and malware infection possibilities
How security broken? - Android internals and malware infection possibilitiesHow security broken? - Android internals and malware infection possibilities
How security broken? - Android internals and malware infection possibilitiesFFRI, Inc.
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Tsukasa Oi
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
 
Dll injection
Dll injectionDll injection
Dll injectionKarlFrank99
 
openioc_scan - IOC scanner for memory forensics
openioc_scan - IOC scanner for memory forensicsopenioc_scan - IOC scanner for memory forensics
openioc_scan - IOC scanner for memory forensicsTakahiro Haruyama
 
Lifnaaaaaa e
Lifnaaaaaa eLifnaaaaaa e
Lifnaaaaaa ehenelpj
 

Recomendados

Captain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsCaptain Hook: Pirating AVs to Bypass Exploit Mitigations
Captain Hook: Pirating AVs to Bypass Exploit MitigationsenSilo
 
How security broken? - Android internals and malware infection possibilities
How security broken? - Android internals and malware infection possibilitiesHow security broken? - Android internals and malware infection possibilities
How security broken? - Android internals and malware infection possibilitiesFFRI, Inc.
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Farewell, Stagefright bugs!
Farewell, Stagefright bugs!Tsukasa Oi
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCsw2017 bazhaniuk exploring_yoursystemdeeper_updated
Csw2017 bazhaniuk exploring_yoursystemdeeper_updatedCanSecWest
 
Dll injection
Dll injectionDll injection
Dll injectionKarlFrank99
 
openioc_scan - IOC scanner for memory forensics
openioc_scan - IOC scanner for memory forensicsopenioc_scan - IOC scanner for memory forensics
openioc_scan - IOC scanner for memory forensicsTakahiro Haruyama
 
Lifnaaaaaa e
Lifnaaaaaa eLifnaaaaaa e
Lifnaaaaaa ehenelpj
 
Csw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelistingCsw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelistingCanSecWest
 
Malicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareMalicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareTakahiro Haruyama
 
Volatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseVolatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseTakahiro Haruyama
 
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorWindows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorPriyanka Aash
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisTakahiro Haruyama
 
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility PluginFast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility PluginTakahiro Haruyama
 
Secure Coding in Perl
Secure Coding in PerlSecure Coding in Perl
Secure Coding in PerlIan Kluft
 
Securing a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devicesSecuring a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devicesIan Kluft
 
A Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization TechnologyA Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization TechnologyFFRI, Inc.
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)Sam Bowne
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' ToolsIsrael Umana
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without AntivirusEnergySec
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)Sam Bowne
 
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotelyPharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotelyESUG
 
Yet Another Android Rootkit
Yet Another Android RootkitYet Another Android Rootkit
Yet Another Android RootkitFFRI, Inc.
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanRyo Jin
 

Mais conteúdo relacionado

Mais procurados

Csw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelistingCsw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelistingCanSecWest
 
Malicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareMalicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareTakahiro Haruyama
 
Volatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseVolatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseTakahiro Haruyama
 
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorWindows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorPriyanka Aash
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisTakahiro Haruyama
 
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility PluginFast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility PluginTakahiro Haruyama
 
Secure Coding in Perl
Secure Coding in PerlSecure Coding in Perl
Secure Coding in PerlIan Kluft
 
Securing a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devicesSecuring a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devicesIan Kluft
 
A Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization TechnologyA Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization TechnologyFFRI, Inc.
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)Sam Bowne
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted ComputingOWASP
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' ToolsIsrael Umana
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without AntivirusEnergySec
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)Sam Bowne
 
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotelyPharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotelyESUG
 

Mais procurados (20)

Csw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelistingCsw2016 freingruber bypassing_application_whitelisting
Csw2016 freingruber bypassing_application_whitelisting
 
Malicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic SoftwareMalicious File for Exploiting Forensic Software
Malicious File for Exploiting Forensic Software
 
Volatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident ResponseVolatile IOCs for Fast Incident Response
Volatile IOCs for Fast Incident Response
 
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorWindows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
 
One-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic AnalysisOne-Byte Modification for Breaking Memory Forensic Analysis
One-Byte Modification for Breaking Memory Forensic Analysis
 
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility PluginFast and Generic Malware Triage Using openioc_scan Volatility Plugin
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
 
Secure Coding in Perl
Secure Coding in PerlSecure Coding in Perl
Secure Coding in Perl
 
Securing a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devicesSecuring a Raspberry Pi and other DIY IoT devices
Securing a Raspberry Pi and other DIY IoT devices
 
A Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization TechnologyA Hypervisor IPS based on Hardware Assisted Virtualization Technology
A Hypervisor IPS based on Hardware Assisted Virtualization Technology
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in Android
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)CNIT 128 7. Attacking Android Applications (Part 1)
CNIT 128 7. Attacking Android Applications (Part 1)
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android Applications
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' Tools
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Fighting Malware Without Antivirus
Fighting Malware Without AntivirusFighting Malware Without Antivirus
Fighting Malware Without Antivirus
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 2)
 
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotelyPharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
Pharo IoT: Using Pharo to playing with GPIOs and sensors on IoT devices remotely
 

Semelhante a Mr201305 tizen security_eng

Yet Another Android Rootkit
Yet Another Android RootkitYet Another Android Rootkit
Yet Another Android RootkitFFRI, Inc.
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanRyo Jin
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
Attack surface analysis of Tizen devices
Attack surface analysis of Tizen devicesAttack surface analysis of Tizen devices
Attack surface analysis of Tizen devicesRyo Jin
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidSam Bowne
 
SLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformSLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformYoshitake Kobayashi
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applicationseightbit
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2Mohammed Adam
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Liran Tal
 
Introduction to android sessions new
Introduction to android sessions newIntroduction to android sessions new
Introduction to android sessions newJoe Jacob
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Jerod Brennen
 
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...EmbeddedFest
 

Semelhante a Mr201305 tizen security_eng (20)

Yet Another Android Rootkit
Yet Another Android RootkitYet Another Android Rootkit
Yet Another Android Rootkit
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
 
Attack surface analysis of Tizen devices
Attack surface analysis of Tizen devicesAttack surface analysis of Tizen devices
Attack surface analysis of Tizen devices
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
SLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure PlatformSLTS kernel and base-layer development in the Civil Infrastructure Platform
SLTS kernel and base-layer development in the Civil Infrastructure Platform
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
 
App armor structure
App armor structureApp armor structure
App armor structure
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
 
Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022Snyk Intro - Developer Security Essentials 2022
Snyk Intro - Developer Security Essentials 2022
 
Introduction to android sessions new
Introduction to android sessions newIntroduction to android sessions new
Introduction to android sessions new
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!
 
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...
Embedded Fest 2019. Володимир Шанойло. High FIVE: Samsung integrity protectio...
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application Exploitation
 

Mais de FFRI, Inc.

Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
 
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
 
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
 
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...FFRI, Inc.
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)FFRI, Inc.
 
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) FFRI, Inc.
 
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)FFRI, Inc.
 
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)FFRI, Inc.
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)FFRI, Inc.
 
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...FFRI, Inc.
 
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)FFRI, Inc.
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
 
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...FFRI, Inc.
 
Malwarem armed with PowerShell
Malwarem armed with PowerShellMalwarem armed with PowerShell
Malwarem armed with PowerShellFFRI, Inc.
 

Mais de FFRI, Inc. (20)

Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
 
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
 
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
 
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
 
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
 
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
 
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
 
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
 
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
 
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
 
Malwarem armed with PowerShell
Malwarem armed with PowerShellMalwarem armed with PowerShell
Malwarem armed with PowerShell
 

Último

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Último (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

Mr201305 tizen security_eng

  • 1. Fourteenforty Research Institute, Inc. 1 Tizen Security Fourteenforty Research Institute, Inc. http://www.fourteenforty.jp Senior Research Engineer Shuichiro Suzuki
  • 2. Fourteenforty Research Institute, Inc. • As alternative OS for smartphones and tablets Tizen and Firefox OS are becoming remarkable OS • A vendor in Japan may release a device with Tizen OS in this or next year • In Android security has been concerned after its release • How about the security in new OS? • Research on the security of Tizen • Research in this slides are done by using an emulator in Tizen SDK 2.1 Background 2
  • 3. Fourteenforty Research Institute, Inc. • Overview – Open source OS for mobile devices – One project in Linux Foundation – Development is mainly lead by Samsung and Intel • Features – Linux based OS – It supports both web and native application development from Tizen 2.0 About Tizen 3
  • 4. Fourteenforty Research Institute, Inc. Tizen Architecture 4 From http://upload.wikimedia.org/wikipedia/commons/c/c3/What_is_tizen_architecture.png Supports web and native applications
  • 5. Fourteenforty Research Institute, Inc. • There are 2 application package format – Tizen Package (.tpk) : Native Applications – Tizen Web Package (.wgt) : Web Applications Tizen Package 5
  • 6. Fourteenforty Research Institute, Inc. • Installed into /opt/apps/(AppId) • AppId is 10 byte length string • Under /opt/apps/(AppId) directory there are – bin/ – data/ – res/ Common Feature of Tizen Web/Native application 6
  • 7. Fourteenforty Research Institute, Inc. Tizen Web package 7 From https://developer.tizen.org/documentation/articles/tizen-application-packaging-overview • Zip archive with .wgt extension • .wgt file constitutes the structure show below • bin directory has a file which is a symbolic link to Web Runtime (WRT) • A web apllication is hosted by this Web Runtime
  • 8. Fourteenforty Research Institute, Inc. • Zip archive with .tpk extension • .tpk file constitutes the whole structure under (AppId) dirctory • bin directory has an application binary Tizen Native package 8 https://developer.tizen.org/documentation/articles/tizen-application-packaging-overviewより引用
  • 9. Fourteenforty Research Institute, Inc. Security 9 • Research on following security features – OS level Security • Access Control • Vulnerability Protection • Content Security Framework – Application Rights Isolation • Privileges • Feature
  • 10. Fourteenforty Research Institute, Inc. Overview of Access Control 10 • All the processes run with one of 2 UIDs which corresponds following accounts – root – app • Both web and native application run with UID ‘app’ • It has mandatory access control by SMACK – All the applications are labeled by SMACK
  • 11. Fourteenforty Research Institute, Inc. Using 2 UIDs 11 Kernel Web App1 Web Runtime (UID: app) Web App2 Native App (UID: app) Service (UID: root) Run with UID ‘app’ Processes require high rights run with UID ‘root’
  • 12. Fourteenforty Research Institute, Inc. Application Isolation 12 All the applications run with UID ‘app’ ↓ Can they access their private file each other?? Access control by SMACK (They cannot access their private file each other by default)
  • 13. Fourteenforty Research Institute, Inc. • One of the implementations of LSM(Linux Security Modules) • Labeling to Subject (≓ process) and Object (≓ file) and controlled by access rules between them • Example of a rule: SMACK 13 Subject labeled “TopSecret” TopSecret Secret rx To object labeled “Secret” Can read and execute
  • 14. Fourteenforty Research Institute, Inc. Utilize SMACK Label 14 Kernel Web App1 Web Runtime (UID: app) Web App2 Native App1 (UID: app) Service1 (UID: root) WebApp1 SMACK Label WebApp2 NativeApp1 File1 WebApp1 File2 WebApp2 Cannot access to a file labeled WebApp2 Service1 Run with UID ‘app’ Processes require high rights run with UID ‘root’
  • 15. Fourteenforty Research Institute, Inc. Vulnerability Protection 15 • Supports native(C/C++) application development from Tizen 2.0 • There may be a typical buffer overflow vulnerability • Main possible protections are ASLR and DEP
  • 16. Fourteenforty Research Institute, Inc. DEP 16 • Tested following code as a Tizen Native Application int func(){ int a = 10; int b = 20; return a+b; } _EXPORT_ int OspMain(int argc, char *pArgv[]) { AppLog("Application started."); char buf[1024]; int (*f)(); memcpy( buf, (char*)func, 1024); f = (int (*)())buf; int b = f(); ArrayList args(SingleObjectDeleter); args.Construct(); ….. Prepare buffer on the stack Copy func() into the buffer Run the cond on the stack This is executed without any errors DEP is not enabled (on Tizen SDK 2.1 x86 Emulator)
  • 17. Fourteenforty Research Institute, Inc. ASLR 17 • The value of /proc/sys/kernel/randomize_va_space is 2 – Which means ASLR is enabled • But actually… (Tizen Native App on emulator) – Run a same program 2 times. Main modules, heap and stack addresses in /proc/[pid]/maps are the same -> Not Randomized (On Tizen SDK 2.1 x86 Emulator) • The value of /proc/self/personality is 00040000 (ADDR_NO_RANDOMIZE) – ASLR is disabled by this setting 09e0e000-09e70000 rw-p 00000000 00:00 0 [heap] 09e70000-09f80000 rw-p 00000000 00:00 0 [heap] b36e7000-b36ec000 r-xp 00000000 fe:00 73077 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7.exe b36ec000-b36ed000 rw-p 00004000 fe:00 73077 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7.exe b36ed000-b36f0000 r-xp 00000000 fe:00 73094 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7 b36f0000-b36f1000 rw-p 00002000 fe:00 73094 /opt/usr/apps/hNLQmS2Kl0/bin/MySample7 bfdcf000-bfdf0000 rw-p 00000000 00:00 0 [stack]
  • 18. Fourteenforty Research Institute, Inc. Applications Content Security Framework(CSF) 18 • This framework makes it easier to provide security check feature into Tizen • CSF defines API and Plug-in interface • Security check feature is provided as a Plugin(libengine.so) • A Plug-in provides features to check file, URL, Web site(HTML, JavaScript) • Applications provides the Plug-in (Security Application Package) must have trusted signature System Libraries Browser Call CSF APIs libengine.so Content Security Framework Installer Security Application Package libengine.so Install CSF Plugin
  • 19. Fourteenforty Research Institute, Inc. • Privilege – Tizen divides APIs into 3 categories according to its right • Public - All the developers can use • Partner - Partner developers who registered Tizen appliction store can use • Platform - For managing Tizen platform(Limited developers can use) – Application without proper privilege can not use API – Application manifest file has the description of privileges • Feature – This is like a permission on Android platform – Write features to use (Access contacts, camera and so on) in manifest file – Web Runtime has Access Control Engine (ACE) – It controls an access to each features Application Rights Isolation 19
  • 20. Fourteenforty Research Institute, Inc. Web Application Sandbox 20 Kernel Web Runtime Web Application JavaScript API System Call 2 stage access control via Web Runtime and SMACK SMACK(LSM) Check SMACK Rule WRT Access Control Engine Check Features Rule Even if there is a vulnerability in Web Runtime it can prevent to access to device file to which the process does not have an permission (Have not confirmed that all the access control level is the same between WRT and SMACK rules)
  • 21. Fourteenforty Research Institute, Inc. • SMACK is the core part of access control in Tizen • It has 2 stage access control with WRT and SMACK for web based application • It can flexibly provides security check feature by Content Security Framework • There may be a classical vulnerability like buffer overflow since it allows to develop an application by native(C/C++) code. • There are some spaces to improve in memory protection such as ASLR or DEP Summary 21
  • 22. Fourteenforty Research Institute, Inc. • http://download.tizen.org/misc/media/conference2012/tuesday/ballroom -c/2012-05-08-1600-1640-tizen_security_framework_overview.pdf • http://download.tizen.org/misc/media/conference2012/wednesday/seacl iff/2012-05-09-0945-1025- understanding_the_permission_and_access_control_model_for_tizen_applicati on_sandboxing.pdf • http://www.youtube.com/watch?v=GtiAQOo4beg Reference 22