Explore a conference talk from CCS 2016 that delves into the security vulnerabilities of Android's ION memory management system. Learn about the challenges posed by customizable memory management in mobile operating systems, focusing on denial-of-service attacks and information leaks. Discover the traditional and new design approaches for meeting everyday and special memory requirements in Android. Examine case studies of security flaws, including CVE-2015-8950, which allowed live memory dumps. Gain insights into the discovery process for these vulnerabilities and potential defense strategies. Understand the root causes of uninitialized memory issues stemming from customization and complexity. Conclude with industry feedback on the presented findings and their implications for mobile device security.
Android ION Hazard - The Curse of Customizable Memory Management System
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Everyday Memory Requirements
Special Memory Requirements
How to meet them: Traditional Design
How to meet them: New Design
Advantages of the new design
Architecture: ION
Rest of the talk...
Dos: Case Study
DoS: Discovery
DoS: Defense
Information Leak: Root Cause
Why uninitialized: customization
Why uninitialized: complexity
Information Leak: Discovery
Information Leak: Case Study
CVE-2015-8950: Live memory dump
Information Leak: Defense
Conclusion
Industry Feedback
Taught by
ACM CCS
