系統安全筆記

Secure Computing

seccomp is a Linux feature that makes unused system calls inaccessible to apps. This means that apps cannot make these system calls and therefore protects the OS from being exploited by potentially harmful apps.

seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS.[1][2] In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

ASLR & KASKR

Address Space Layout Randomization (ASLR) randomizes the memory addresses that apps and services use every time they run. The SELinux Kernel also uses Address Space Layout Randomization (KASLR) and works by randomizing the location where the kernel code is loaded on each boot. In a typical attack on an app vulnerability, the attacker needs to know the memory address of the vulnerable code to launch an exploit. ASLR loads the app in random memory addresses at every launch, so an attacker is prevented from knowing an exact memory address to attack.

Position-independent executables (PIE).


Android requires all dynamically linked executables to support Position-independent executables (PIE). This enhances Android’s implementation of ASLR by relocating a program every time it opens, thus making it difficult for an attacker to know even if the program is running.

Control flow integrity (CFI).

CFI is a security mechanism that prevents attackers from hijacking functions and pieces of code from apps and using those apps and their permissions to perform malicious actions. Many vulnerabilities are exploited by attackers changing the normal control flow of an application to perform arbitrary malicious activities with all the privileges of the exploited application, such as privileged permission escalation to gain access to data. CFI disallows changes to the original control flow of a program.

Lockdown mode


To turn on Lockdown mode:

• Go to the Settings app and tap Display.
• Scroll down to Advanced and tap Lock screen display.
• Then tap Lockdown mode.

The device can then be locked by pressing and holding the power button and tapping Lockdown on the side panel that appears.

When a phone is in lockdown mode, the key for work data is deleted so it cannot be accessed by unauthorized users.

Google Play Protect.

Google Play Protect (GPP) is the most widely deployed mobile threat protection service in the world. Here are some stats on Google Play Protect:

• 2.5 billion devices protected.

• Google Play Protect scans and verifies more than 50 billion applications daily.
• More than 300 million Potentially Harmful Apps (PHAs) installs are blocked annually from offline scanning.

• Integrates with cloud-based components that push updates which constantly improve the functionality.

• Scans are done before installation.

• Protects from PHAs being installed from unknown sources, because GPP scans any app that is installed, not just those from Google Play.

• Device scans are done automatically daily and harmful PHAs are automatically removed or disabled.

• Users can perform manual scans.

• Works offline.