Mobile OS Flashcards

Question

Briefly describe the function of the Android Activity Manager.

Answer 1

Responsible for starting and managing applications.

Answer 2

Installation of new applications and management of permissions and applications.

Answer 3

A security mechanism that isolates applications and restricts their access to system resources.

Answer 4

It mediates access requests to critical services based on permissions.

Answer 5

System code is signed by Google, and applications are signed by developers.

Answer 6

An attack where an application with fewer permissions gains unauthorized access to components of a more privileged application.

Answer 7

Buffer overflows, race conditions, denial of service (DoS), rootkit attacks, privilege escalation, memory over-reads, pointer manipulation, time manipulation, directory manipulation or deletion, etc.

Answer 8

To run Android applications using the Dalvik Virtual Machine and core libraries.

Answer 9

Process level (each app in a dedicated process with a UID) and filesystem level (each app has a private data directory).

Answer 10

To restrict access, so only the application itself can read and write to its own data.

Answer 11

By assigning each application a unique User ID (UID) and running them in separate processes.

Answer 12

C/C++ system libraries, exposed to developers via the Android application framework.

Answer 13

To manage and share data between applications, similar to an SQL-like database.

Answer 14

Each application is isolated in its own sandbox, and can only access its own resources.

Answer 15

Providing services and APIs that applications can use, including the Android Runtime and Native Libraries.

Answer 16

An application with fewer permissions can gain unauthorized access to components of a more privileged application.

Answer 17

1. The Android OS architecture is divided into several layers: (1) Kernel Layer: Based on the Linux kernel, this layer provides core OS functionalities like memory management, process management, and device drivers. It is crucial for security as it enforces sandboxing. (2) Middleware Layer: This layer provides services and APIs that applications can use. It includes the Android Runtime (with the Dalvik VM and Core Libraries) and Native Libraries. The Android Runtime is responsible for executing applications, and the Native Libraries provide C/C++ functionality. (3) Application Layer: This layer contains user applications, both default and third-party. Applications are executed within their own Dalvik VM instances. 2. This architecture contributes to security by: (1) Sandboxing: Isolating applications from each other and the system. (2) Permission Control: Managing access to sensitive resources through a permission framework. (3) Code Integrity: Ensuring the integrity of the OS and applications through signing.

Answer 18

Sandboxing is a security mechanism that isolates applications, restricting their access to system resources to prevent malicious actions. 1. Process Level: Each application is assigned a unique User ID (UID) and runs in a separate process. This prevents applications from directly interfering with each other's memory or processes. 2. Filesystem Level: Each application has its own private data directory, and only that application has permission to read and write to that directory. This prevents applications from accessing or modifying each other's data. 3. Security Benefits: (1) Isolation: Prevents malicious apps from accessing sensitive data or interfering with other apps. (2) Containment: Limits the damage a compromised app can cause, as its access is restricted to its sandbox. (3) Stability: Improves system stability by preventing one app from crashing others or the OS.

Answer 19

1. The Android security framework is designed to protect the OS and applications from various threats. Its key components include: (1) Application Isolation: Each application runs in its own sandbox, preventing it from accessing other applications' data or interfering with the system. (2) Permission Framework: This framework controls access to sensitive resources (e.g., camera, location, contacts) by requiring applications to declare permissions and users to grant or deny those permissions. (3) Discretionary Access Control (DAC): At the Linux kernel level, DAC controls access to files and directories, further enforcing application isolation. (4) Code Integrity: System code is signed by Google, and applications are signed by developers, ensuring that code has not been tampered with. 2. These components work together to provide a layered security approach: (1) Application isolation and DAC prevent applications from accessing unauthorized resources. (2) The permission framework allows users to control what resources applications can access. (3) Code signing ensures that the code is from a trusted source and has not been modified.

Answer 20

The Dalvik Virtual Machine (DVM) is a key component of the Android Runtime. It is responsible for executing Android applications. 1. Role: (1) DVM executes applications in a sandboxed environment, providing a layer of isolation between applications and the system. (2) It runs optimized ".dex" files, which are converted from Java ".class" files. 2. Contribution to Security: The DVM's sandboxing helps prevent malicious applications from gaining unauthorized access to system resources. 3. Contribution to Performance: The .dex format and DVM are optimized for mobile devices, improving application startup time and memory usage.

Answer 21

Application isolation is a fundamental security principle in Android, where each application is isolated in its own sandbox. 1. Importance: (1) It prevents applications from interfering with each other. (2) It limits the damage that a malicious application can cause. (3) It protects user data from unauthorized access. 2. Achievement: (1) Process Isolation: Each application runs in a separate process with a unique User ID (UID). The OS enforces process boundaries, preventing one process from accessing the memory space of another. (2) Filesystem Isolation: Each application has its own private data directory, and access to this directory is restricted to the application itself.

Answer 22

A permission escalation attack occurs when an application with fewer permissions gains unauthorized access to components or resources of a more privileged application. 1. How it can occur: (1) Vulnerabilities in system services or other applications can be exploited to bypass the permission framework. (2) Malicious applications may attempt to trick users into granting excessive permissions. 2. Security implications: (1) An attacker can gain access to sensitive data, such as contacts, SMS messages, or location information. (2) An attacker can perform actions that they are not authorized to do, such as sending SMS messages, making phone calls, or installing applications. (3) It can compromise the integrity of the entire system.

Answer 23

Android employs two levels of sandboxing to isolate applications: 1. Process-Level Sandboxing: (1) Each application is assigned a unique User ID (UID) and runs in a separate process. (2) The Linux kernel enforces process isolation, preventing applications from directly accessing each other's memory or resources. (3) This level of sandboxing prevents one application from crashing or corrupting another application's execution. 2. Filesystem-Level Sandboxing: (1) Each application has its own dedicated data directory. (2) Only the application itself has permission to read and write to this directory. (3) This level of sandboxing prevents applications from accessing or modifying each other's data files. Contribution to overall security: 1. Process-level sandboxing enhances system stability and prevents applications from interfering with each other's execution. 2. Filesystem-level sandboxing protects application data and prevents unauthorized access to sensitive information.

Answer 24

1. Operating systems typically divide memory and execution into two main spaces: (1) User Space: This is where user applications and most system programs run. Code in User Space has limited access to system resources and must use system calls to request services from the kernel. (2) Kernel Space: This is where the OS kernel runs. The kernel has direct access to all hardware and system resources. 2. Contribution to Android security: (1) Separating User Space and Kernel Space provides a fundamental security boundary. (2) If an application in User Space is compromised, the damage is limited because it cannot directly access kernel functions or hardware. (3) The kernel can enforce security policies and control access to resources, ensuring that applications cannot bypass security mechanisms.

Answer 25

The Middleware Layer in Android provides services and APIs that applications can use. It includes: 1. Android Runtime: (1) Contains the Dalvik Virtual Machine (DVM), which executes applications. (2) Provides Core Libraries, which offer Java APIs for applications. (3) Role: Executes applications in a sandboxed environment and provides essential Java functionalities. 2. Native Libraries: (1) Contains C/C++ system libraries (e.g., Libc, media libraries). (2) Role: Provides native functionalities that can be accessed by applications through the Android Application Framework. 3. Application Framework: (1) Provides APIs for basic functionalities and services (e.g., location, telephony). (2) Includes components like the Activity Manager (manages applications), Package Manager (installs and manages applications), and Reference Monitor (mediates access to sensitive services). (3) Role: Provides a high-level API for application developers and enforces security policies through the Reference Monitor. Role in functionality and security: The Middleware Layer provides essential services and APIs for applications while also enforcing security policies and isolating applications from the underlying system.

Answer 26

Android applications can use native code (C/C++) via the Java Native Interface (JNI). 1. Potential risks: (1) Memory corruption: Native code is more susceptible to memory corruption vulnerabilities (e.g., buffer overflows) than Java code. (2) Security vulnerabilities: Vulnerabilities in native libraries can be exploited by malicious applications. (3) Bypassing sandboxing: While native code is still subject to sandboxing, vulnerabilities can potentially be exploited to bypass security restrictions. (4) Increased complexity: Managing native code adds complexity to application development and increases the risk of security flaws. 2. Security measures: (1) Secure coding practices: Developers should follow secure coding practices to minimize vulnerabilities in native code. (2) Code reviews: Thorough code reviews should be conducted to identify potential security flaws. (3) Static and dynamic analysis: Use static and dynamic analysis tools to detect vulnerabilities in native code. (4) Regular updates: Keep native libraries up to date with the latest security patches. (5) Minimize native code: Use native code only when necessary and minimize its complexity.

Answer 27

The Android Runtime is a crucial part of the Middleware Layer, responsible for executing Android applications. 1. Dalvik Virtual Machine (DVM): (1) A virtual machine optimized for embedded environments like mobile devices. (2) Executes applications in the form of ".dex" files, which are optimized versions of Java bytecode. (3) Relies on the Linux kernel for threading and low-level memory management. 2. Core Libraries: (1) Provide most of the functionality available in the core libraries of Java. (2) Offer core APIs that applications can use. 3. Roles in executing applications: (1) The DVM provides the environment in which Android applications run, ensuring isolation and managing resources. (2) The Core Libraries provide the necessary APIs and functionalities that applications need to interact with the system.

Answer 28

1. Android applications consist of the following main components: (1) Activities: Represent user interfaces for interacting with the application. (2) Services: Run in the background to perform long-running operations or tasks without user interaction. (3) Broadcast Receivers: Respond to system-wide broadcast announcements (e.g., when the battery is low). (4) Content Providers: Manage and share data between applications (similar to a database). 2. Contribution to functionality: (1) Activities handle user interaction. (2) Services perform background tasks. (3) Broadcast receivers enable communication with the system. (4) Content providers facilitate data sharing.

Answer 29

1. Android manages application permissions through a permission framework in the Middleware Layer. 2. Applications must declare the permissions they need (e.g., access to location, camera, internet) in their manifest file. 3. The system then prompts the user to grant or deny these permissions. 4. Reference Monitor: (1) A component within the Application Framework that mediates access requests to critical services. (2) It checks whether an application has the necessary permissions before allowing it to access a protected resource or service. 5. Importance for security: (1) The permission framework and Reference Monitor enforce fine-grained access control, preventing applications from accessing sensitive resources without user authorization. (2) This helps to protect user privacy and prevent malicious applications from abusing system resources.

Answer 30

1. Android employs code signing to ensure code integrity: (1) System code is signed by Google. (2) Applications are signed by developers using a developer key. 2. Importance of code integrity: (1) Authentication: Code signing verifies the origin of the code, ensuring that it comes from a trusted source. (2) Tamper detection: It detects any unauthorized modifications to the code, ensuring that it has not been tampered with. (3) Trust establishment: Code signing helps establish trust in the system and applications, assuring users that the code they are running is safe.

Answer 31

1. In process-level sandboxing, Android assigns a unique User ID (UID) to each application during installation. 2. Each application runs in a separate process with its own UID. 3. The Linux kernel enforces process isolation, preventing processes from accessing each other's memory space and resources. 4. Contribution of UID to security: (1) Isolation: UIDs provide a strong form of isolation, ensuring that one application cannot directly interfere with or access the data of another application. (2) Least privilege: The kernel can use UIDs to enforce the principle of least privilege, granting each application only the necessary permissions. (3) Resource management: UIDs help the kernel manage resources effectively and prevent one application from consuming excessive resources.

Answer 32

1. In filesystem-level sandboxing, each Android application is assigned a dedicated private data directory. 2. By default, only the application itself has permission to read and write to this directory. 3. This directory is where the application stores its data, such as files, databases, and shared preferences. 4. Contribution to security: (1) Data isolation: It prevents applications from accessing or modifying each other's data, protecting sensitive user information and application-specific files. (2) Integrity protection: It helps maintain the integrity of application data, as other applications cannot tamper with it. (3) Reduced attack surface: It limits the potential damage if one application is compromised, as the attacker's access is restricted to that application's data directory.

Answer 33

1. A permission escalation attack occurs when an application with fewer permissions gains unauthorized access to components or resources of a more privileged application. 2. This means a malicious app could bypass the intended security restrictions and access sensitive data or perform privileged actions. 3. Vulnerabilities that can make Android systems susceptible: (1) Vulnerabilities in the Android OS itself (e.g., in the kernel or system services). (2) Vulnerabilities in other installed applications. (3) Improper handling of permissions or intents by applications.

Answer 34

Android allows applications to include native code (C/C++) for performance-critical tasks using the Java Native Interface (JNI). 1. Potential risks: (1) Memory management issues: Native code is more prone to memory management errors (e.g., buffer overflows, memory leaks), which can lead to vulnerabilities. (2) Direct access to resources: Native code can potentially bypass some of the security restrictions of the Android Runtime, if not handled carefully. (3) Increased complexity: Debugging and securing native code is generally more complex than Java code. 2. Best practices to mitigate risks: (1) Secure coding practices: Employ secure coding techniques to prevent memory corruption and other vulnerabilities. (2) Careful input validation: Validate all input from Java to native code to prevent attacks like buffer overflows. (3) Minimize JNI usage: Use native code only when necessary and keep the JNI interface as small as possible. (4) Regular security audits: Conduct security audits and code reviews of native code.

Answer 35

Android uses sandboxing to isolate applications from each other and the system. This means each application runs in a restricted environment with limited access to resources. 1. Protection mechanisms: (1) Process-level sandboxing: Each app runs in a separate process with a unique User ID (UID), preventing memory interference. (2) Filesystem-level sandboxing: Each app has a private data directory, restricting access to its data. (3) Permissions: Apps must declare and request permissions to access sensitive resources, and users grant or deny these permissions. 2. How it protects: (1) Isolation: Sandboxing prevents a malicious app from accessing other apps' data or interfering with their operation. (2) Resource control: It limits the amount of resources a faulty app can consume, preventing it from crashing the system. (3) Privilege limitation: It restricts the actions a malicious app can perform, even if it exploits a vulnerability.

Answer 36

Mobile OS security, particularly sandboxing, has evolved significantly to address the increasing sophistication of mobile threats. 1. Early stages: Early mobile OSes had limited or weak sandboxing, leading to vulnerabilities and greater risks from malicious apps. 2. Improvements in sandboxing: (1) Process isolation: Modern mobile OSes like Android and iOS enforce strong process isolation, where each app runs in its own protected memory space. (2) Filesystem sandboxing: Restricting app access to specific directories and files, preventing unauthorized data access. (3) Capabilities and permissions: Fine-grained control over what system resources an app can access, requiring explicit user consent. (4) Virtualization and containerization: More advanced techniques to further isolate apps and system components. 3. Addressing emerging threats: (1) Sandboxing has become more robust to counter threats like privilege escalation, malware injection, and data exfiltration. (2) Mobile OSes are continuously incorporating new security features to adapt to evolving attack vectors.

Mobile OS Flashcards

Let's face the new challenges in palms