2015-08-12 | NoSlides

Android Security: Hardening Linux Kernel + Android Framework

Table of Contents

1 Hardening

  1. Exploit Mitigation: Keep the software footprint minimal
  2. Keep the kernel trimmed
  3. Replace Framework components with better ones

2 LKM (Linux Kernel Modules)

  1. Object code file with a .ko extension; see /lib/modules
  2. Operations: insmod loads a module into the kernel address space, rmmod unloads it
  3. Can add system calls
  4. Can modify system call table
  5. Windows and OS X also have kernel modules.
  6. Advice: Reduce the number and usage of LKMs
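An inventory check that follows from the advice above, added here as an example and not part of the lecture or of any kernel tool: it parses the /proc/modules line format (name, size, refcount, dependents, state, address) and decodes the taint bits the kernel sets for proprietary (bit 0), force-loaded (bit 1), out-of-tree (bit 12) and unsigned (bit 13) modules. The function names (parse_proc_modules, decode_module_taint, lkm_report_from) and the sample module list and taint value are this example's own constructions; on a live system the same functions would be fed the contents of /proc/modules and /proc/sys/kernel/tainted.

```c
/* Added example (not from the lecture): inventory of loaded LKMs.
 * Parses /proc/modules-style text and decodes module-related taint bits.
 */
#include <stdio.h>
#include <string.h>

#define MAX_MODULES 64

struct module_info {
    char name[64];
    unsigned long size;
    unsigned refcount;
    int has_dependents;    /* 1 when the dependents field is not "-" */
};

struct lkm_report {
    int total;             /* modules loaded */
    int unused;            /* refcount 0 and no dependents: candidates to drop */
    int taint_reasons;     /* module-related taint bits set */
    char taint_text[160];  /* human-readable list of those bits */
};

/* Constructed sample in /proc/modules format; not captured from a real host. */
static const char SAMPLE_PROC_MODULES[] =
    "ext4 737280 1 - Live 0xffffffffc0a00000\n"
    "mbcache 16384 1 ext4, Live 0xffffffffc09f0000\n"
    "jbd2 131072 1 ext4, Live 0xffffffffc09c0000\n"
    "vendor_blob 1234567 0 - Live 0xffffffffc0000000 (POE)\n"
    "usb_storage 77824 0 - Live 0xffffffffc0950000\n";

/* Constructed /proc/sys/kernel/tainted value: bits P (0), O (12), E (13). */
static const unsigned long SAMPLE_TAINTED = (1UL << 0) | (1UL << 12) | (1UL << 13);

/* Parse one module per line; returns the number parsed or -1 on a malformed line. */
int parse_proc_modules(const char *text, struct module_info *out, int max) {
    int n = 0;
    while (*text && n < max) {
        char deps[256], state[16];
        int got = sscanf(text, "%63s %lu %u %255s %15s",
                         out[n].name, &out[n].size, &out[n].refcount, deps, state);
        if (got != 5) return -1;
        out[n].has_dependents = strcmp(deps, "-") != 0;
        n++;
        const char *nl = strchr(text, '\n');
        if (!nl) break;
        text = nl + 1;
    }
    return n;
}

/* Taint bits that are set because of module loading (kernel taint flags). */
static const struct { unsigned bit; const char *label; } module_taints[] = {
    { 0,  "proprietary module (P)" },
    { 1,  "force-loaded module (F)" },
    { 12, "out-of-tree module (O)" },
    { 13, "unsigned module (E)" },
};

/* Writes the set module-related taint reasons into buf; returns how many. */
int decode_module_taint(unsigned long tainted, char *buf, size_t len) {
    int count = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof module_taints / sizeof module_taints[0]; i++) {
        if (tainted & (1UL << module_taints[i].bit)) {
            if (count) strncat(buf, "; ", len - strlen(buf) - 1);
            strncat(buf, module_taints[i].label, len - strlen(buf) - 1);
            count++;
        }
    }
    return count;
}

/* Build the report; returns 0 on success, -1 if the module list did not parse. */
int lkm_report_from(const char *proc_modules, unsigned long tainted, struct lkm_report *r) {
    struct module_info mods[MAX_MODULES];
    int n = parse_proc_modules(proc_modules, mods, MAX_MODULES);
    if (n < 0) return -1;
    memset(r, 0, sizeof *r);
    r->total = n;
    for (int i = 0; i < n; i++)
        if (mods[i].refcount == 0 && !mods[i].has_dependents) r->unused++;
    r->taint_reasons = decode_module_taint(tainted, r->taint_text, sizeof r->taint_text);
    return 0;
}

int main(void) {
    struct lkm_report r;
    if (lkm_report_from(SAMPLE_PROC_MODULES, SAMPLE_TAINTED, &r) != 0) return 1;
    printf("%d modules loaded, %d with no users (candidates to drop)\n", r.total, r.unused);
    printf("module-related taint: %s\n", r.taint_reasons ? r.taint_text : "none");
    return 0;
}
```

Modules with a zero refcount and no dependents are the first candidates when trimming the LKM set; a non-zero taint reason means the kernel itself has recorded that something outside the in-tree, signed build was loaded, which is worth reconciling against the expected module list.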

3 Dynamic Freezing of SysCalls

  1. Linux has some 370+ system calls; do we need them all?
  2. Adding a new system call is complicated
    1. Not intellectually
    2. In terms of Makefiles: what should be added where, …
    3. The details change across kernel versions

3.1 Example: mount/umount

  1. mount: Do we need this throughout the life of the OS?
    1. Only during certain "run-levels", e.g., "boot"
  2. umount: Need it during "shutdown"

3.2 system-call-table[]

  1. An array of pointers to the handler functions
  2. Initialized during kernel start
  3. From then on, it lives in a read-only page
  4. There is a system-call-unimplemented() method
  5. All syscalls return a result/error code
  6. http://man7.org/linux/man-pages/man2/syscall.2.html

3.3 Freezing How To

  1. Using an LKM
  2. Change the system-call-table[] to read-and-write
  3. system-call-table[x] = system-call-unimplemented;
  4. Change the system-call-table[] back to read-only
  5. Unload the LKM
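The structure from section 3.2 and the freeze procedure from section 3.3, modelled in user space as an added example (this is not code from the lecture and not a kernel module): the table is an array of function pointers in a page that is made read-only after initialization, the stub sys_unimplemented returns -ENOSYS like the kernel's own placeholder for unused slots, and freeze_syscall performs the same write-enable, overwrite, write-protect sequence with mprotect() that section 3.3 describes for the real table. The syscall numbers, function names and the mount/umount handlers are the example's own stand-ins, not kernel identifiers.

```c
/* Added example (not from the lecture): a user-space model of the
 * system-call table and of freezing an entry after boot. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

typedef long (*syscall_fn)(long arg);

/* Stand-in syscall numbers for this model. */
enum { NR_READ = 0, NR_MOUNT = 1, NR_UMOUNT = 2, NR_SYSCALLS = 3 };

static long sys_read_model(long arg)   { return arg; }            /* "read arg bytes" */
static long sys_mount_model(long arg)  { (void)arg; return 0; }
static long sys_umount_model(long arg) { (void)arg; return 0; }

/* Every syscall returns a result or a negative errno; an unimplemented
 * slot returns -ENOSYS, which is what the kernel's stub does. */
static long sys_unimplemented(long arg) { (void)arg; return -ENOSYS; }

static syscall_fn *syscall_table;   /* the table occupies its own page */
static size_t table_bytes;

/* Section 3.2: fill the table at start-up, then make its page read-only. */
int table_init(void) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    table_bytes = (size_t)page;
    syscall_table = mmap(NULL, table_bytes, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (syscall_table == MAP_FAILED) return -1;
    for (int i = 0; i < NR_SYSCALLS; i++) syscall_table[i] = sys_unimplemented;
    syscall_table[NR_READ]   = sys_read_model;
    syscall_table[NR_MOUNT]  = sys_mount_model;
    syscall_table[NR_UMOUNT] = sys_umount_model;
    return mprotect(syscall_table, table_bytes, PROT_READ);
}

/* Dispatcher: numbers outside the table also get -ENOSYS. */
long do_syscall(int nr, long arg) {
    if (nr < 0 || nr >= NR_SYSCALLS) return -ENOSYS;
    return syscall_table[nr](arg);
}

/* Section 3.3: make the page writable, point the slot at the stub,
 * and make the page read-only again.  Returns 0 on success. */
int freeze_syscall(int nr) {
    if (nr < 0 || nr >= NR_SYSCALLS) return -1;
    if (mprotect(syscall_table, table_bytes, PROT_READ | PROT_WRITE) != 0) return -1;
    syscall_table[nr] = sys_unimplemented;
    return mprotect(syscall_table, table_bytes, PROT_READ);
}

/* 1 if the slot now holds the stub, 0 otherwise. */
int is_frozen(int nr) {
    return nr >= 0 && nr < NR_SYSCALLS && syscall_table[nr] == sys_unimplemented;
}

int main(void) {
    if (table_init() != 0) { perror("table_init"); return 1; }
    printf("mount during boot: %ld\n", do_syscall(NR_MOUNT, 0));
    freeze_syscall(NR_MOUNT);                      /* boot is over: no more mounts */
    printf("mount after freeze: %ld (-ENOSYS is %d)\n", do_syscall(NR_MOUNT, 0), -ENOSYS);
    printf("read still works: %ld\n", do_syscall(NR_READ, 42));
    return 0;
}
```

The model makes the section 3.4 question concrete: whoever can perform the write-enable step can also replace an entry with something other than the stub, so the integrity of the table depends entirely on who is allowed to load code that runs with kernel privilege.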

3.4 Issues

  1. Can this be used in an attack?
  2. Are LKMs dangerous?

4 Kernel Hardening with ASLR + ROP Prevention

5 Hardening the Android Framework

  1. Zygote to Morula to Enhanced Morula
    1. https://copperhead.co/2015/05/11/aslr-android-zygote
    2. https://copperhead.co/2015/06/11/android-pax
  2. Binder IPC improvements
    1. Man-in-the-Binder attack
  3. Fine-grained permissions
    1. Xposed Framework and XPrivacy

6 References

  1. Sunil Gadi, "Security Hardened Kernels for Linux Servers," MS Thesis, Wright State University, Advisor: Prabhaker Mateti, 2004. Slides | Thesis
  2. Prabhaker Mateti, "Proper Config, Fortification, Hardening," Lecture Notes, 2014
  3. Priyanka Shetti, "Enhanced Binder," MTech Thesis, Amrita U, 2015
  4. Asish K Sahadevan, "Security Improvements to the Android Kernel," MTech Thesis, Amrita U, 2015

7 End

Copyright © 2019 www.wright.edu/~pmateti 2015-08-12