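How do you actually get started with Android security? Take a look at a training provider's course description; it may give us some ideas.
Every subsection in it is worth analyzing.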
Overview
- Overview of Android (optional)
- Overview of Android Building Blocks (optional)
- Overview of Android OS
Android Stack from the Security Perspective
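- Android Linux Kernel Layer (What exactly is the difference between the Android kernel and the Linux kernel? To study Android security in depth, reading the Android source code and understanding Linux is necessary!)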
- Overview
- Binder
- Ashmem
- Pmem
- Wakelock
- Early Suspend
- Alarm
- Low Memory Killer
- Logger
- Paranoid Network Security (This one is special: it modifies Linux networking so that some network permissions are mapped through Group IDs! It implements DAC.)
- Other Kernel Changes
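- Android User-Space Native Layer (Study the native layer: most system vulnerabilities emerge from here, and quite a few programs here run with the root ID. Understanding it, especially the native daemons together with Android system startup, helps us understand Android's system mechanisms.)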
- Overview
- Bionic (libc)
- User-space Hardware Abstraction Layer (HAL)
- Native Daemons: ueventd, servicemanager, vold, netd, rild, mediaserver, keystore, racoon, zygote, system_server, adbd, surfaceflinger, etc.
- Function libraries: libwebcore (Web Kit), V8, SQLite, libssl (OpenSSL), etc.
- Android Runtime / Dalvik Virtual Machine
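- Android Application Framework Layer (The framework layer also needs to be understood in depth; for example, the package manager handles software installation, and AMS handles authentication of component interactions. In short, there is a lot to cover!)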
- Overview
- Managers and Services
- Activity Manager Service
- Package Manager Service
- Power and Alarm Manager Services
- Notification Manager Service
- Keyguard Manager Service
- Location Manager Service
- Sensor Manager Service
- Search Manager Service
- Vibrator Manager Service
- Connectivity, Telephony, and Wifi Manager Services
- Input Method and UI Mode Manager Services
- Download and Storage Manager Services
- Audio Manager Service
- Window Manager Service
- Additional Manager Services
- Android Applications Layer
- Overview
- Android Built-in Applications
- Android Built-in Content Providers
- Android Built-in Input Methods
- Android Built-in Wallpapers
Android Startup from the Security Perspective
- Bootloading the Kernel
- Android’s init Startup
- Startup of daemons
- Zygote Startup
- System Server Startup
- Startup of system services
- Startup of applications
Android Security
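I recommend reading this document: https://source.android.com/tech/security/. I will translate it later if I get the chance; it is the most basic introduction to security.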
- Android Security Architecture
- Application Signing (Code signing, very simple and naive! It is mainly used for shared UID and app upgrades.)
- User IDs
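- File Access (A place to check for vulnerabilities; programmers tend to set files world-readable.)
- Using Permissions (The core of the Android permission mechanism.)
- Not-using permissions: using Intents instead (This is the right way: do not expose an interface for sending SMS directly; just invoke the system task. Strongly recommended!)
- Permission Enforcement (Permission checks in IPC interactions; the system supports this, and programmers can also define their own.)
- Declaring Custom Permissions (Defining your own permissions, in addition to the system's permission list.)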
- Custom Permissions by Example
- Lab: Custom Permissions
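- ContentProvider URI Permissions (Fine-grained permission management.)
- Public vs. Private Components (Very important: if a component is public, it is as good as asking to be *** by others. Permission control can be set, but signature-level permission control is recommended rather than dangerous-level.)
- Intent Broadcast Permissions (Defines who can receive broadcasts.)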
- Pending Intents (Optional)
- Data protection and Encryption
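- SSL and HTTPS (SSL is a big problem; there are many MITM issues.)
- JCE with BouncyCastle (An open-source extension library. Why is there no mention of keystore? It is very important.)
- Whole Disk Encryption (Full-disk encryption, currently mainly for /data. Kernel-level storage encryption.)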
- Dangers
- Lab: Encryption (Optional)
- Rooting
- How to get root: exploits (root...)
- Keeping root
- Dangers
- Security of Memory (Continuously being worked on!)
- ASLR
- NX
- ProPolice
- Valgrind
- Other protections
- Tap-Jacking on Android (This is only the simplest one of them; there are many more.)
- Android Device Administration (The device-side implementation of MDM.)
- Overview
- Policies
- Device Administration by Example
- Lab: Device Administration
- Malware (How do you do antivirus?)
- The state of malware on Android
- Prevention
- Detection
- Removal
- Lab: Anti-malware
- SE Android / SE-Linux on Android (Is MAC worth it?)
- Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)
- Goals of SE Android
- What SE Android can/cannot do
- Challenges
- Other Security Concerns