Embedded Android Security

COURSE COMING SOON:

Please note: This course is not yet available so this page is subject to change.

Please contact Doulos to discuss your requirement for this training.

Standard Level - Live Instructor-Led Training

3 days (In-Person) 8 hours per day or
4 sessions (Live Online) 6 hours per session

Modern Embedded systems are required to be secured. The Android Open Source Project (AOSP) provides many pre-defined security features. This course covers details about these AOSP security frameworks; how they fit in the overall Android security model and how some security mechanisms can be customized.

This course is based on a Cuttlefish device variant using components readily available in AOSP.

The course will give delegates a detailed background about the Android security model and the challenges of developing systems involving multiple participants – this includes software components provided by the Google Android team, SoC and device specific components from vendor partners, internal product components and, where appropriate, components from app developers from the Android community.

Half of the course includes hands-on lab sessions during which you will apply the theory to explore some vulnerabilities and try out options to secure an Android device.

We use a virtual classroom based on cloud instances and a browser UI, using the Cuttlefish emulator as the target.

If you have specific requirements, please contact Doulos to discuss your options.

Who should attend?

Embedded Android Security is aimed at systems architects, engineers and project leaders who want to learn the details of the security features offered by AOSP and AAOS and how to take advantage of them.

What will you learn?

The security requirements for Android systems
How to build Android from source and how to run it on the target system
Android security frameworks – System security, Hardware security, App security, Authentication architecture, Android permissions, Access Control (SELinux) , Filesystem integrity and encryption.

Pre-requisites

Working knowledge of the topics covered in the Doulos Embedded Android for Automotive or Embedded Android courses.
Good knowledge of embedded Linux concepts (such as toolchain, bootloader, kernel, root filesystem) as covered in the Doulos Developing with Embedded Linux course
Good knowledge of Linux command-line tools such as make, grep, and find as covered in the Doulos Linux Fundamentals course
Good knowledge of C/C++ and Java

Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Training materials

Doulos course materials are renowned for being the most comprehensive and user friendly available. Their unique style, content and coverage has made them sought after resources in their own right. The materials include:

Electronic copies of presentations and lab notes
Worked solutions to the problems
Sample code

Structure and Content

Introduction to Android Security
Android architecture: the big picture • The Android Open Source Project (AOSP) • Google Releases • Security Reviews

The Android Security Model
Android Ecosystem • Security Principles • Multi-party Authorization • Android Threat Model • Security Implementation in CDD

Hardware Security inc. TEE with Trusty
Root of Trust • Trusted Execution Environments (OP-TEE/Trusty) • Android Virtualization Framework (Microdroid)

Secure Boot (AVB)
Android Partitions • Shared System Image • Android Verified Boot (dm-verity) • Fastboot

App sandbox including seccomp
Memory Isolation • File Isolation • Application & User IDs • Seccomp Filter (enforcing/permissive modes)

Permissions
Permission Definitions • Risk Levels • Privileged Permissions • Enforcement from Services • Managing & Querying Permissions (Package Manager service)

Authentication
Enrollement • Gatekeeper Architecture • Biometrics • KeyStore (system service) • KeyMint (HAL service)

File Based Encryption
Dependencies • Fscrypt Policies • Direct Boot • Metadata Encryption • Hardware-Wrapped Keys

SELinux
Access Control • Writing SELinux Policies • System Property Labels • Building and Debugging SELinux Policies

App signing
Signing Schemes • Keys in AOSP • APEX Singing • AOSP Apps

Security Practices
Security Development • System Security • App Security • Network Security • Hardware Security • Privacy

Looking for team-based training, or other locations?

Complete an enquiry form and a Doulos representative will get back to you.

Contact Enquiry Form