Android Security

Prabhaker Mateti

Wright State University

www.cs.wright.edu/~pmateti

Refresher on OS, FileSys, Networking



1 Operating Systems

  1. Everything you see here is required background for our discussion of Android Internals and Security.

1.1 What is a program?

  1. Do NOT use "program" and "process" interchangeably.
  2. The precise definition depends on the OS.
  3. A program is a file
    1. Executable permissions
    2. Structure of content rigidly defined by an executable format
      1. Linux: ELF, a.out, coff
      2. Windows: com, exe
      3. Java: .class files
      4. Android: .dex
  4. Program v Object code files
    1. generated by a linker
    2. On Linux, /usr/bin/ld (historically misnamed)
  5. The compiler/IDE tool chain invokes the linker
  6. Android APK file includes
    1. the .dex file
    2. many (20+?) other files describing resources.
    3. "App" is an alternate term for a program

1.2 What is a process?

  1. Process is a run-time volatile entity created by the OS system call exec
  2. Processes have a virtual memory foot print.
    1. Code (machine instructions; historically misnamed as "text")
    2. Run time stack content
    3. Run time heap content
    4. Run time global variables
    5. Subject to paging and swapping
  3. Android details are more complex cf. Linux

1.3 Properties of a Process

  1. A program "does not run" – it just sits somewhere on the disk.
  2. A process has a life cycle: is born, lives/runs for a while, dies.
  3. Every process has one parent.
    1. Obvious Exception: the very first process. Named: init
    2. Parent is expected to out-live the child.
  4. Every process has a unique process-ID (pid) assigned to it by the OS. Typically, 1 + pid of the last process born
  5. Every process is owned by a user. Typically the user who invoked the corresponding program. But, see suid.

1.4 Processes v Threads

  1. Processes are disjoint from each other. Their address spaces are disjoint. They are unaware of each other. OS schedules their execution.
  2. A thread is part of a process. Typically, several threads share a process. Address space is overlapping. The language (eg., Java) runtime schedules the execution.
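The properties listed in 1.3 and the disjoint address spaces of 1.4 can be observed directly. This is an added example, not part of the original notes; it creates the child with fork(2), and the names `run_child`, `child_report` and `counter` are made up for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int counter = 100;   /* global variable: each process has its own copy */

struct child_report {       /* what the child tells the parent over a pipe */
    pid_t pid, ppid;
    uid_t uid, euid;        /* uid != euid means a set-uid program is running */
    int counter;
};

/* Fork a child, let it change `counter`, and collect its report.
 * Returns 0 on success and fills *r and *forked_pid. */
int run_child(struct child_report *r, pid_t *forked_pid)
{
    int fd[2];
    if (pipe(fd) == -1) return -1;

    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                       /* child */
        close(fd[0]);
        counter += 1;                     /* changes only the child's address space */
        struct child_report me = { getpid(), getppid(), getuid(), geteuid(), counter };
        ssize_t n = write(fd[1], &me, sizeof me);
        _exit(n == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fd[1]);                         /* parent */
    ssize_t n = read(fd[0], r, sizeof *r);
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;   /* parent out-lives the child */
    *forked_pid = pid;
    return (n == (ssize_t)sizeof *r && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    struct child_report r; pid_t pid;
    if (run_child(&r, &pid) != 0) return 1;
    printf("child  pid=%d ppid=%d uid=%d euid=%d counter=%d\n",
           (int)r.pid, (int)r.ppid, (int)r.uid, (int)r.euid, r.counter);
    printf("parent pid=%d counter=%d\n", (int)getpid(), counter);
    return 0;
}
```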

1.5 Inter Process Communication (IPC)

  1. All the following is via Operating System Calls (syscalls)
  2. Read: http://man7.org/conf/lca2013/IPC_Overview-LCA-2013-printable.pdf
  3. Read: http://www.tldp.org/LDP/tlk/ipc/ipc.html from The Linux Documentation Project

1.6 IPC: Message Passing

  1. P:: send(Q, e), value of expression e is sent to process Q
  2. Q:: receive(P, v), from P receive a msg, and store it in v
  3. asynchronous – non-blocking, sender sends and is off to his own work
  4. synchronous – blocking, sender waits for "got-it" ACK from receiver
  5. #include <sys/ipc.h>
  6. #include <sys/msg.h>
  7. http://man7.org/linux/man-pages/man2/recv.2.html is for sockets, not IPC
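The send/receive pair above, written against the System V message queue calls from `<sys/msg.h>`. This is an added example, not part of the original notes; the function name `send_and_wait_ack`, the message types `DATA`/`ACK` and the 64-byte payload are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/wait.h>
#include <unistd.h>

struct msg { long mtype; char text[64]; };   /* System V message: type tag + payload */
enum { DATA = 1, ACK = 2 };                  /* message types chosen for this example */

/* P sends e to a forked child Q and waits for Q's ACK, which carries the length
 * Q received. Returns that length or -1; *empty_errno is the errno of a
 * non-blocking receive on the still-empty queue. */
int send_and_wait_ack(const char *e, int *empty_errno)
{
    int q = msgget(IPC_PRIVATE, 0600);       /* owner-only permissions */
    if (q == -1) return -1;
    struct msg m;
    /* asynchronous style: IPC_NOWAIT returns at once instead of blocking */
    *empty_errno = msgrcv(q, &m, sizeof m.text, ACK, IPC_NOWAIT) == -1 ? errno : 0;

    pid_t pid = fork();
    if (pid == 0) {                          /* Q :: receive(P, v) */
        struct msg v, ack = { ACK, "" };
        if (msgrcv(q, &v, sizeof v.text, DATA, 0) == -1) _exit(1);  /* blocks */
        ack.text[0] = (char)strlen(v.text);
        _exit(msgsnd(q, &ack, sizeof ack.text, 0) == -1);
    }
    int acked = -1;
    if (pid > 0) {                           /* P :: send(Q, e) */
        m.mtype = DATA;
        snprintf(m.text, sizeof m.text, "%s", e);
        if (msgsnd(q, &m, sizeof m.text, 0) == 0 &&
            msgrcv(q, &m, sizeof m.text, ACK, 0) != -1)   /* synchronous: wait for ACK */
            acked = m.text[0];
    }
    msgctl(q, IPC_RMID, NULL);               /* unblocks Q on error; queues outlive processes */
    if (pid > 0) waitpid(pid, NULL, 0);
    return acked;
}

int main(void)
{
    int e;
    printf("acked length: %d\n", send_and_wait_ack("hello", &e));
    printf("empty queue, IPC_NOWAIT: %s\n", strerror(e));
    return 0;
}
```

The queue is created with mode 0600 so that only its owner can read or write it, and it is removed explicitly because a System V queue is not tied to the lifetime of the process that created it.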

1.7 IPC: Shared Memory

  1. An area of memory A of process P is shared with Q
  2. Their addresses in P and Q may or may not be equal.
  3. Any writes of P are seen (read) by Q; and vice-versa
  4. Need to be careful: When does Q read? Before or after P has made changes?
  5. http://man7.org/linux/man-pages/man7/shm_overview.7.html

1.8 IPC: Synchronization

  1. All the following "loosely" (not rigorously) stated.
  2. Linux Semaphores (versus text book versions)
  3. Locks
  4. iNotify (tell me when a file or dir has changed)

1.9 IPC: Mutual Exclusion

  1. A sequence S1 of code lines of P1 should not be in execution while S2 of P2 is, and vice versa
  2. Progress in computation: 4 requirements
  3. Difference between mutual-exclusion and synchronization

1.10 Silberschatz and Galvin book Linux Slides

  1. ./LinuxOS-SGOSbookCh20.ppt Linux chapter from Silberschatz and Galvin book.

2 File Systems

  1. file-volume = content of a (hard-disk) partition organized into
    1. Directories and Files
    2. List of free blocks
    3. Parameters describing the volume
  2. file system = file volume + code
  3. HDD or flash storage based file volumes are persistent.
  4. RAM-"disk" based file volumes are not persistent, but are commonly used.

2.1 Operations

  1. mkfs – on a given partition, make an initial file volume. Only the root and lost+found directories are created. The list of free blocks etc. is initialized. Different mkfs for different fs-designs: mkfs.ext4, mkfs.vfat
  2. fsck – check the integrity of a file volume.
  3. mount – take an off-line file-volume and mount it on an existing directory, called the mount-point. Depending on the options, the previous contents of the mount-point become invisible. The file-volume appears instead.
  4. umount (sic) – unmount, reverse of above.

2.2 ext4

  1. ext4 is a particular design of a Linux native file system. Windows "drivers" exist but may not be reliable. You need to download and install.
  2. ext4 is a journaling file system.
  3. Android formats its internal eMMC storage as ext4.

2.3 vfat

  1. vfat is a particular design of a Windows native file system. Linux is wholly reliable with it. vfat is now a standard part of Linux.
  2. Android formats its internal flash eMMC storage as ext4, and removable uSD cards as (typically) vfat.

2.4 Swap Space

  1. A file volume designed for use in virtual memory (pages, segments).
  2. When swap space is exhausted, machine will "crawl"
  3. If machine has large amounts of physical memory (RAM), swap space is unused.

2.5 Loop Device

  1. Simulation of a file as a block device
  2. file ubuntu-trusty.iso (downloaded iso image)
  3. # mkdir -p /root/A (create mount point)
  4. # mount kubuntu-14.04-desktop-amd64.iso /root/A
  5. % df shows: /dev/loop1 1041408 1041408 0 100% /root/A

3 Networking

  1. ./TCPIP-CEG4420.ppt TCP/IP Refresher from WSU CEG4420 by pmateti
  2. TCP/IP suite is a collection of protocols.
  3. Recall the 4 layer DoD Network Protocol Stack Model.
  4. IP is in Layer 2. That is, it is not concerned with hardware details.
  5. TCP and UDP are in Layer 3.
  6. Application protocols (Layer 4): http; ssh, …

3.1 Ethernet

  1. Layer 1 (lowest) of the 4 layer DoD Network Protocol Stack Model.
  2. Responsible for delivering data over the particular hardware media.
  3. Every Ethernet frame has two addresses: Receiver's MAC address, Sender's MAC address. 6 bytes + 6 bytes.
  4. Manufacturer sets the MAC address. Given a MAC address, we can discover the manufacturer.

3.2 WiFi

3.3 Bluetooth

3.4 NFC

3.5 IP

  1. IPv4 addresses are 4 bytes. Each byte value is written in decimal. Separated by a dot.
  2. Ex: 192.168.17.243; 127.0.0.1
  3. Every IPv4 datagram (packet) has two addresses: Receiver's IP address, Sender's IP address. 4 bytes + 4 bytes.
  4. IPv6 addresses are 16 bytes. Each byte value is written in decimal.
  5. IP addresses are set at boot time by the OS.
  6. IP addresses are assigned by https://www.iana.org/.
  7. There are private ranges of IP addresses that we can choose without permission.
  8. Given a public IP address, we can discover its rough location.
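The address fields described in 3.1 and 3.5 (6 + 6 bytes of MAC, 4 + 4 bytes of IPv4) sit at fixed offsets, which a bounds-checked parser makes concrete. This is an added example, not part of the original notes; `parse_frame`, `frame_info` and the sample frame are constructed for the illustration, and the header checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct frame_info {
    uint8_t dst_mac[6], src_mac[6];   /* on the wire: receiver first, then sender */
    uint8_t src_ip[4], dst_ip[4];     /* IPv4 header: sender first, then receiver */
    uint8_t protocol;                 /* 6 = TCP, 17 = UDP */
};

/* Parse an Ethernet II frame carrying IPv4. Returns 0 on success, -1 if the
 * buffer is too short or is not IPv4. Every offset is checked before it is read. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    if (len < 14) return -1;                            /* 6 + 6 + 2-byte EtherType */
    memcpy(out->dst_mac, buf, 6);
    memcpy(out->src_mac, buf + 6, 6);                   /* first 3 bytes identify the maker */
    if (buf[12] != 0x08 || buf[13] != 0x00) return -1;  /* EtherType 0x0800 = IPv4 */

    const uint8_t *ip = buf + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;     /* minimum header, version 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;            /* header length in bytes */
    if (ihl < 20 || ihl > iplen) return -1;
    out->protocol = ip[9];
    memcpy(out->src_ip, ip + 12, 4);
    memcpy(out->dst_ip, ip + 16, 4);
    return 0;
}

/* Constructed sample frame (not captured traffic); MACs are locally administered. */
const uint8_t SAMPLE_FRAME[] = {
    0x02,0x00,0x00,0x00,0x00,0x02,  0x02,0x00,0x00,0x00,0x00,0x01,  0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    192,168,17,243,  127,0,0,1
};

int main(void)
{
    struct frame_info f;
    if (parse_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &f) != 0) return 1;
    printf("sender MAC ends in %02x, sender IP %u.%u.%u.%u, protocol %u\n",
           f.src_mac[5], f.src_ip[0], f.src_ip[1], f.src_ip[2], f.src_ip[3], f.protocol);
    return 0;
}
```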

3.6 DNS, Domain Name Service

  1. Translate a mnemonic name, e.g., www.google.com, to its IP address 173.194.46.81
  2. Fully Qualified Host Name
  3. Domain Name servers

3.7 Network Config Files (on Linux)

  1. /etc/resolv.conf DNS details
    1. nameserver 130.108.2.10
    2. nameserver 8.8.8.8
  2. /etc/hosts Table of IP addresses and their FQHNM (mnemonic host names)
  3. /etc/network/interfaces (Unless using wicd or network-manager)

3.8 Port Numbers

  1. OS produced 16-bit numbers
  2. TCP port# separate from UDP port#
  3. The port#s are part of the TCP packet
  4. Privileged: 0 .. 1024; Ordinary users should use: > 1024
  5. Look up /etc/services
  6. http://www.iana.org/assignments/port-numbers
  7. Sockets v Ports

3.9 ssh, Secure Shell Client+Server

  1. Networking Intro from CEG2350 by pmateti

3.10 VPN, Virtual Private Network

  1. Networking Intro from CEG2350 by pmateti

4 References

  1. http://cecs.wright.edu/~pmateti/Courses/2350/ CEG 2350: OS Concepts and Usage. This course presents most of our prerequisite materials. Lecture and lab notes are fully on-line.

    CEG 2350 Catalog Description: Introduction to Linux and Windows systems. GUI and Windowing Systems. Files and Directories. Ownership and Sharing. Programs and Processes. System calls, Libraries. Loading. Dynamic linking. Command Line Shells. Scripting languages. Regular expressions. Clients and Servers. Web browser clients and servers. Secure shell, sftp. SSL/TLS. HTTPS. System Administration. 4 credit hours. 3 hours lectures, 2 hours labs. Prerequisites: CS 1180 or CS 2170 (older numbers CS 240 or CS 220) or equivalent.


Copyright © 2014 pmateti@wright.edu www.wright.edu/~pmateti 2015-08-10