Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Android ION Hazard - The Curse of Customizable Memory Management System

Association for Computing Machinery (ACM) via YouTube

Overview

Explore a conference talk from CCS 2016 that delves into the security vulnerabilities of Android's ION memory management system. Learn about the challenges posed by customizable memory management in mobile operating systems, focusing on denial-of-service attacks and information leaks. Discover the traditional and new design approaches for meeting everyday and special memory requirements in Android. Examine case studies of security flaws, including CVE-2015-8950, which allowed live memory dumps. Gain insights into the discovery process for these vulnerabilities and potential defense strategies. Understand the root causes of uninitialized memory issues stemming from customization and complexity. Conclude with industry feedback on the presented findings and their implications for mobile device security.

Syllabus

Intro
Everyday Memory Requirements
Special Memory Requirements
How to meet them: Traditional Design
How to meet them: New Design
Advantages of the new design
Architecture: ION
Rest of the talk...
Dos: Case Study
DoS: Discovery
DoS: Defense
Information Leak: Root Cause
Why uninitialized: customization
Why uninitialized: complexity
Information Leak: Discovery
Information Leak: Case Study
CVE-2015-8950: Live memory dump
Information Leak: Defense
Conclusion
Industry Feedback

Taught by

ACM CCS

Reviews

Start your review of Android ION Hazard - The Curse of Customizable Memory Management System

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.