Global training solutions for engineers creating the world's electronics

Embedded Android Security

Standard Level - Live Instructor-Led Training

3 days (In-Person) 8 hours per day or
4 sessions (Live Online) 6 hours per session


Modern embedded systems must be secured. The Android Open Source Project (AOSP) and Android Automotive OS (AAOS) provide many pre-defined security features. This course covers these AOSP and AAOS security frameworks in detail: how they fit into the overall Android security model and how some security mechanisms can be customized.

This course is based on a Cuttlefish device variant using components readily available in AOSP.

The course gives attendees a detailed background on the Android security model and the challenges of developing systems that involve multiple participants. These include software components provided by the Google Android team, SoC and device-specific components from vendor partners, internal product components and, where appropriate, components from app developers in the Android community.

Half of the course includes hands-on lab sessions during which you will apply the theory to create an Android Automotive device.

We use a virtual classroom based on cloud instances and a browser UI, using the Cuttlefish emulator as the target.

If you have specific requirements, please contact Doulos to discuss your options.

Embedded Android Security is aimed at systems architects, engineers and project leaders who want to learn the details of the security features offered by AOSP and AAOS and how to take advantage of them.

  • The security requirements for Android systems
  • How to build Android from source and how to run it on the target system
  • Android security frameworks – System security, Hardware security, App security, Authentication architecture, Android permissions, Access Control (SELinux), Filesystem integrity and encryption


Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Doulos course materials are renowned for being the most comprehensive and user-friendly available. Their unique style, content and coverage have made them sought-after resources in their own right. The materials include:

  • Electronic copies of presentations and lab notes
  • Worked solutions to the problems
  • Sample code

Introduction to Android Security
Android architecture: the big picture • The Android Open Source Project (AOSP) • Google Releases • Security Reviews
Lab: Configure and build AOSP for a Cuttlefish based target. While the build runs, investigate a recent Android security bulletin and check whether some of the fixes for known vulnerabilities have been implemented in the version of AOSP being used.

The Android Security Model
Android Ecosystem • Security Principles • Multi-party Authorization • Android Threat Model • Security Implementation in CDD

Hardware Security including TEE with Trusty
Root of Trust • Trusted Execution Environments (OP-TEE/Trusty) • Android Virtualization Framework (Microdroid)
Lab: In a standalone environment using QEMU, experiment with the Trusty TEE. See how applets are compiled into the Trusty kernel, then modify an applet and test it from the command line.

Secure Boot (AVB)
Android Partitions • Shared System Image • Android Verified Boot (dm-verity) • Fastboot
Lab: Force a verity exception and see what happens when the device reboots. Rebuild images with custom keys and check that verity checking succeeds. See how verity checking can be disabled during development.

App sandbox including seccomp
Memory Isolation • File Isolation • Application & User IDs • Seccomp Filter (enforcing/permissive modes)
Lab: Use a simple app to test file isolation. Then trigger seccomp syscall filtering to block a rogue call using Android debug tools.

Permissions
Permission Definitions • Risk Levels • Privileged Permissions • Enforcement from Services • Managing & Querying Permissions (Package Manager service)
Lab: Add a simple service to the system and then protect the service functionality with a ‘dangerous’ permission. Modify a test app to query the user whether to grant the permission.

Authentication
Enrolment • Gatekeeper Architecture • Biometrics • KeyStore (system service) • KeyMint (HAL service)
Lab: Using a keypair generated by the Android Keystore service, the lab explores how the certificate keychain can be attested and whether or not the private key is stored in hardware. The exercise further links the signing operation to a biometric prompt to illustrate how operations requiring the private key can be gated by an authentication mechanism such as a device level PIN.

File Based Encryption
Dependencies • Fscrypt Policies • Direct Boot • Metadata Encryption • Hardware-Wrapped Keys
Lab: Experiment with encrypting a directory with file-based encryption. See how to create an encrypted directory on boot with init and how to configure it to use a different key on each boot.

SELinux
Access Control • Writing SELinux Policies • System Property Labels • Building and Debugging SELinux Policies
Lab: Add a user space daemon to the system and then add the required policy files to grant the necessary access rights. Then add policy to allow the simple service to operate in enforcing mode.

App signing
Signing Schemes • Keys in AOSP • APEX Signing • AOSP Apps
Lab: Generate a new set of keys and use these to create signed release images. Create a new vendor apex module, sign it and show how signing protects the module from unauthorized updates.

Security Practices
Security Development • System Security • App Security • Network Security • Hardware Security • Privacy

Course Dates

  • 02 Jun 2026, ONLINE, EurAsia
  • 22 Jun 2026, ONLINE, Americas
  • 07 Jul 2026, ONLINE, EurAsia
  • 11 Aug 2026, ONLINE, Americas

Looking for team-based training, or other locations?

Complete an enquiry form and a Doulos representative will get back to you.
