Android Security Internals

Android includes a vast array of increasingly complex security layers. Sorting through these layers and understanding how they all fit into the “bigger picture” can be very challenging, especially as the official documentation tends to be hardware agnostic while the hardware-specific details remain hard to come by.
This 3-day hands-on class covers the internals of Android’s security mechanisms, from its hardware foundations through Android’s various layers, and also covers the platform’s interactions with cloud and networking services. Topics covered include:
This class is given by:

Karim J. Yaghmour

Karim J. Yaghmour, author of O’Reilly’s Embedded Android and Building Embedded Linux Systems. In addition to having taught engineering teams from several brand-name companies and organizations, Karim has made a number of key open source contributions such as the Linux Trace Toolkit, relayfs and the Adeos ipipe.

Overview
You will learn:
  • Navigating Android’s security architecture
  • TrustZone and Trusted Execution Environments (TEEs)
  • How some of Android’s key security mechanisms rely on TEEs
  • Understanding/Writing SEAndroid/SELinux policies
  • How Full-Disk Encryption (FDE) and File-Based Encryption (FBE) work
  • Securing ADB
  • Understanding Android attack vectors
  • Creating signed AOSP builds and OTA images
  • Understanding the Linux kernel security mechanisms used in Android
Outline
Android Security Internals:
  • Introduction
  • Crypto Fundamentals
  • SoC Internals
  • General System Architecture
  • Secure Booting
  • TrustZone & Trusted Execution Environments
  • HLOS / Linux
  • SELinux / SEAndroid
  • AOSP User-Space
  • Cloud & Network
In addition to the sections above, content from our other classes can be added and/or substituted in the case of custom classes to better suit your needs:
Embedded Android
AOSP Debugging and Performance Analysis
Android App Development
Linux Device Drivers
Audience
This class is intended for experienced Android platform developers who want to master Android security internals. Namely, developers wanting to:
  • Debug SELinux/SEAndroid policy issues
  • Create new SELinux/SEAndroid policies
  • Implement secure boot
  • Understand the AOSP’s build-time security configurations
Requirements:
  • C/C++
  • Java
  • Linux command line experience
  • Linux kernel or device driver experience
  • Android internals experience

WARNING:

We really mean it when we say that this class is for experienced Android platform developers. If you’ve never worked within the AOSP nor in Android’s internals, we very highly suggest you take our Embedded Android class first. Even if you feel you have the requisite knowledge, we recommend you take a look at that class’ material (click on “Courseware” to download it from that class’ page) and make sure you are comfortable with that material.

We do NOT have the time to cover the basics in this Android security internals class. You are fully responsible for making sure you are able to attend and follow this class. We will not issue refunds if you aren’t able to follow.

Courseware
All our courseware is available under a CC-BY-SA 3.0 license. Why?

First, we believe that the value of a class is derived from providing instructors recognised as leading experts in their field, not the courseware. Our instructors are not only recognised for their technical achievements, but they are active public speakers at international conferences and forums with an exceptional ability and passion for sharing their knowledge. Our instructors’ value is especially prized during our class’ hands-on sessions, which occupy more than half of class time, since they are able to draw on their vast experience in assisting attendees in isolating the source of issues they encounter and explaining the underlying theory and wider context pertaining to that topic.

Second, we think it’s great for past students to continue having access to the latest version of the courseware they used. Whether it be for keeping up-to-date or exploring new material, future versions of our class material will always be available to you.

Third, our company was built on and lives in the open source ecosystem. Sharing is fundamental to what we do every day.

We, of course, welcome any comments or updates you may have on our courseware. Please send feedback!

Logistics

PRICING: $1,995/student. Contact us for a private group session quote. All prices in USD.

ATTENDANCE: 24 students max.
Although we do sometimes agree to train larger groups in private settings, we believe that a 24 student cap ensures an optimal instructor/attendee ratio in the context of a public session.

LOCATION: No public sessions are presently scheduled

EQUIPMENT: 

  • Attendees must use a powerful PC for the class. You must make sure it is at the very top range of what the manufacturer provides in terms of speed and performance (2020+ or newer Octa-core i7, i9 or better). The AOSP is a very demanding piece of software in terms of build requirements and you will NOT be able to follow if your laptop is not up to spec. Make sure you have at least 32GB of RAM, 500GB of free space on an SSD, are running 64-bit Ubuntu natively (i.e. not in a virtual machine) and have full root/sudo access.
  • In order to connect to the live online session, you’ll need to have a webcam, a headset with microphone and a very solid network connection. We teach to body-language, so if you don’t have a properly-functioning webcam, we reserve the right to refuse you entry into the session.
  • During the hands-on sessions, we use Google’s Android Cuttlefish target (emulator).

COURSEWARE: All our courseware is available under CC-BY-SA 3.0; just click on the above “Courseware” thumbnail to download it.

SCHEDULE: Classes run from 9 to 5, with breaks in the morning, at lunch and in the afternoon.

PAYMENT: Opersys accepts all major credit cards, wire transfers and corporate checks drawn on US banks in US funds.

CONFIRMATION: Classes will be confirmed to run by email no later than two weeks prior to start date, subject to minimum attendance numbers. It’s probably best to wait for our confirmation email prior to booking travel arrangements.

POLICIES: Students must register and pay all tuition fees prior to class start. Registrations cannot be canceled, though we will do our best to accommodate your situation. Class cancellations are uncommon, but, were they to occur, you would be notified as soon as possible and your tuition fees would be refunded in full.
