Overview
Syllabus
Introduction
Agenda
Layers of Defense
Moving Parts
Key Principles
History
Windows Vista
Android
Modern Android Security
Attack Surface Management
We dodged a bullet
Preventing other bugs
Pwned Ubuntu
Required Capnet
Security Policy
What is Project Trouble
What happened in Project Trouble
Media Server Hardening
Stage Fright
Extracter Service
SetComp
Other Changes
DM Verity
Security Hardening Results
Stage Fright Bugs
Project Treble
Webview
KitKat
Linux Kernel
Kernel Vulnerability Research
IOctals
IOctals Filtering
Effects on Android
Mitigation
Case Study
Impact on Security
Other Attack Surface Reduction
Security Community Recognition
John Sawyer
Security Research Communities
Vulnerability Purchase Community
Jailbreak Prices
Price Parity
Project Zero Prize
WikiLeaks
The Future
Better Separation of Vendor Code
Summary
Taught by
Black Hat