Android ION Hazard - The Curse of Customizable Memory Management System
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore a conference talk from CCS 2016 that delves into the security vulnerabilities of Android's ION memory management system. Learn about the challenges posed by customizable memory management in mobile operating systems, focusing on denial-of-service attacks and information leaks. Discover the traditional and new design approaches for meeting everyday and special memory requirements in Android. Examine case studies of security flaws, including CVE-2015-8950, which allowed live memory dumps. Gain insights into the discovery process for these vulnerabilities and potential defense strategies. Understand the root causes of uninitialized memory issues stemming from customization and complexity. Conclude with industry feedback on the presented findings and their implications for mobile device security.
Syllabus
Intro
Everyday Memory Requirements
Special Memory Requirements
How to meet them: Traditional Design
How to meet them: New Design
Advantages of the new design
Architecture: ION
Rest of the talk...
Dos: Case Study
DoS: Discovery
DoS: Defense
Information Leak: Root Cause
Why uninitialized: customization
Why uninitialized: complexity
Information Leak: Discovery
Information Leak: Case Study
CVE-2015-8950: Live memory dump
Information Leak: Defense
Conclusion
Industry Feedback
Taught by
ACM CCS
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network