Edition:
Authors: Nikolay Elenkov
Series:
ISBN: 1593275811
Publisher: No Starch Press
Year of publication: 2015
Number of pages: 434
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 10 MB
If you need the book file of Android Security Internals: An In-Depth Guide to Android’s Security Architecture converted to PDF, EPUB, AZW3, MOBI or DJVU format, you can notify support so that they convert the file.
Note that the book Android Security Internals: An In-Depth Guide to Android’s Security Architecture is the original-language edition and is not a Persian translation. The International Library website offers original-language books and does not provide any books translated into or written in Persian.
There are more than one billion Android devices in use today,
each one a potential target. Unfortunately, many fundamental
Android security features have been little more than a black
box to all but the most elite security professionals—until
now.
Elenkov describes Android security architecture from the bottom
up, delving into the implementation of major security-related
components and subsystems, like Binder IPC, permissions,
cryptographic providers, and device administration.
With its unprecedented level of depth and detail, Android
Security Internals is a must-have for any security-minded
Android developer.
Android Security Internals: An In-Depth Guide to Android’s Security Architecture
About the Author About the Technical Reviewer Foreword Acknowledgments
Introduction: Who This Book Is For Prerequisites Android Versions How Is This Book Organized? Conventions
1. Android’s Security Model: Android’s Architecture Linux Kernel Native Userspace Dalvik VM Java Runtime Libraries System Services Inter-Process Communication Binder Binder Implementation Binder Security Binder Identity Capability-Based Security Binder Tokens Accessing Binder Objects Other Binder Features Android Framework Libraries Applications System Apps User-Installed Apps Android App Components Android’s Security Model Application Sandboxing Permissions IPC Code Signing and Platform Keys Multi-User Support SELinux System Updates Verified Boot Summary
2. Permissions: The Nature of Permissions Requesting Permissions Permission Management Permission Protection Levels normal dangerous signature signatureOrSystem Permission Assignment Permissions and Process Attributes Process Attribute Assignment Permission Enforcement Kernel-Level Enforcement Native Daemon-Level Enforcement Framework-Level Enforcement Dynamic Enforcement Static Enforcement Activity and Service Permission Enforcement Content Provider Permission Enforcement Broadcast Permission Enforcement Protected and Sticky Broadcasts System Permissions Signature Permissions Development Permissions Shared User ID Custom Permissions Public and Private Components Activity and Service Permissions Broadcast Permissions Content Provider Permissions Static Provider Permissions Dynamic Provider Permissions Pending Intents Summary
3. Package Management: Android Application Package Format Code signing Java Code Signing Implementation JAR File Signing JAR File Verification Viewing or Extracting Signer Information Android Code Signing Android Code Signing Tools OTA File Code Signing APK Install Process Location of Application Packages and Data Active Components PackageInstaller System Application pm command PackageManagerService Installer class installd Daemon MountService vold daemon MediaContainerService AppDirObserver Installing a Local Package Parsing and Verifying the Package Accepting Permissions and Starting the Install Process Copying to the Application Directory The Package Scan Creating Data Directories Generating Optimized DEX File and Directory Structure Adding the New Package to packages.xml Package Attributes Updating Components and Permissions Updating a Package Signature Verification Updating Non-System Apps Updating System Apps Installing Encrypted APKs Creating and Installing an Encrypted APK Implementation and Encryption Parameters Installing an Encrypted APK with Integrity Check Forward Locking Android 4.1 Forward Locking Implementation Encrypted App Containers Installing Forward-Locked APKs Encrypted Apps and Google Play Package Verification Android Support for Package Verification Google Play Implementation Summary
4. User Management: Multi-User Support Overview Types of Users The Primary User Secondary Users Restricted Profiles User Restrictions Applying Restrictions Access to Online Accounts Guest User User Management Command-Line Tools User States and Related Broadcasts User Metadata The User List File User Metadata Files User System Directory Per-User Application Management Application Data Directories Application Sharing External Storage External Storage Implementations Multi-User External Storage Advanced Linux Mount Features Android Implementation External Storage Permissions Other Multi-User Features Summary
5. Cryptographic Providers: JCA Provider Architecture Cryptographic Service Providers Provider Implementation Static Provider Registration Dynamic Provider Registration JCA Engine Classes Obtaining an Engine Class Instance Algorithm Names SecureRandom MessageDigest Signature Cipher Block Cipher Modes of Operation Obtaining a Cipher Instance Using a Cipher Mac Key SecretKey and PBEKey PublicKey, PrivateKey, and KeyPair KeySpec KeyFactory SecretKeyFactory KeyPairGenerator KeyGenerator KeyAgreement KeyStore KeyStore Types PKCS#12 File-Backed KeyStores CertificateFactory and CertPath CertPathValidator and CertPathBuilder Android JCA Providers Harmony’s Crypto Provider Android’s Bouncy Castle Provider AndroidOpenSSL Provider OpenSSL Using a Custom Provider Spongy Castle Summary
6. Network Security and PKI: PKI and SSL Overview Public Key Certificates Direct Trust and Private CAs Public Key Infrastructure Certificate Revocation JSSE Introduction Secure Sockets Peer Authentication Hostname Verification Android JSSE Implementation Certificate Management and Validation System Trust Stores Android 4.x System Trust Store Using the System Trust Store System Trust Store APIs Certificate Blacklisting Handling CA Key Compromises Handling End Entity Key Compromises Android Certificate Blacklisting Reexamining the PKI Trust Model Trust Problems in Today’s PKI Radical Solutions Convergence and Trust Agility Certificate Pinning Certificate Pinning in Android Summary
7. Credential Storage: VPN and Wi-Fi EAP Credentials Authentication Keys and Certificates The System Credential Store Credential Storage Implementation The keystore Service Key Blob Versions and Types Access Restrictions keymaster Module and keystore Service Implementation Nexus 4 Hardware-Backed Implementation Framework Integration Public APIs The KeyChain API The KeyChain Class Installing a PKCS#12 File Using a Private Key Installing a CA Certificate Deleting Keys and User Certificates Getting Information about Supported Algorithms KeyChain API Implementation Controlling Access to the Keystore KeyChainBroadcastReceiver Credential and Trust Store Summary Android Keystore Provider Summary
8. Online Account Management: Android Account Management Overview Account Management Implementation AccountManagerService and AccountManager Authenticator Modules The Authenticator Module Cache AccountManagerService Operations and Permissions Listing and Authenticating Accounts Managing Accounts Using Account Credentials Requesting Authentication Token Access The Accounts Database Table Schema Table Access Password Security Multi-User Support Per-User Account Databases Shared Accounts Adding an Authenticator Module Google Accounts Support The Google Login Service Google Services Authentication and Authorization ClientLogin OAuth 2.0 Google Play Services Summary
9. Enterprise Security: Device Administration Implementation Privilege Management Policy Persistence Policy Enforcement Adding a Device Administrator Implementing a Device Administrator Setting the Device Owner Managed Devices Enterprise Account Integration Microsoft Exchange ActiveSync Google Apps VPN Support PPTP L2TP/IPSec IPSec Xauth SSL-Based VPNs Legacy VPN Implementation Profile and Credential Storage Accessing Credentials Always-On VPN Application-Based VPNs Declaring a VPN Preparing the VPN Establishing a VPN Connection Notifying the User About the VPN Connection Multi-User Support Linux Advanced Routing Multi-User VPN Implementation Wi-Fi EAP EAP Authentication Methods Android Wi-Fi Architecture EAP Credentials Management Adding an EAP Network with WifiManager Summary
10. Device Security: Controlling OS Boot-Up and Installation Bootloader Recovery Verified Boot dm-verity Overview Android Implementation Enabling Verified Boot Disk Encryption Cipher Mode Key Derivation Disk Encryption Password Changing the Disk Encryption Password Enabling Encryption Controlling Device Encryption Using System Properties Unmounting /data Triggering the Encryption Process Updating the Crypto Footer and Encrypting Data Booting an Encrypted Device Obtaining the Disk Encryption Password Decrypting and Mounting /data Starting All System Services Screen Security Lockscreen Implementation Keyguard Unlock Methods Face Unlock Pattern Unlock PIN and Password Unlock PIN and PUK Unlock Brute-Force Attack Protection Secure USB Debugging ADB Overview The Need for Secure ADB Securing ADB Secure ADB Implementation ADB Authentication Keys Verifying the Host Key Fingerprint Android Backup Android Backup Overview Cloud Backup Local Backup Backup File Format Backup Encryption Controlling Backup Scope Summary
11. NFC and Secure Elements: NFC Overview Android NFC Support Reader/Writer Mode Registering for Tag Dispatch Tag Technologies Reading a Tag Using Reader Mode Peer-to-Peer Mode Card Emulation Mode Secure Elements SE Form Factors in Mobile Devices UICC microSD-Based SE Embedded SE Accessing the Embedded SE Granting Access to the eSE Using the NfcExecutionEnvironment API eSE-Related Broadcasts Android SE Execution Environment SE Communication Protocols Querying the eSE Execution Environment UICC as a Secure Element SIM Cards and UICCs UICC Applications UICC Application Implementation and Installation Accessing the UICC Using the OpenMobile API Software Card Emulation Android 4.4 HCE Architecture APDU Routing Specifying Routing for HCE Services Specifying Routing for SE Applets Writing an HCE Service Security of HCE Applications Summary
12. SELinux: SELinux Introduction SELinux Architecture Mandatory Access Control SELinux Modes Security Contexts Security Context Assignment and Persistence Security Policy Policy Statements Type and Attribute Statements User and Role Statements Object Class and Permission Statements Type Transition Rules Domain Transition Rules Access Vector Rules allow Rules auditallow Rules dontaudit Rules neverallow Rules Android Implementation Kernel Changes Userspace Changes Libraries and Tools System Initialization Labeling Files Labeling System Properties Labeling Application Processes Middleware MAC Device Policy Files Policy Event Logging Android 4.4 SELinux Policy Policy Overview Enforcing Domains Unconfined Domains App Domains Summary
13. System Updates and Root Access: Bootloader Unlocking the Bootloader Fastboot Mode Android Partition Layout The Fastboot Protocol Fastboot Commands Recovery Stock Recovery Controlling the Recovery Sideloading an OTA Package OTA Signature Verification Starting the System Update Process Applying the Update Copying and Patching Files Setting File Ownership, Permissions, and Security Labels Finishing the Update Updating the Recovery Custom Recoveries Root Access Root Access on Engineering Builds Starting ADB as Root Using the su Command Root Access on Production Builds Rooting by Changing the boot or system Image Rooting by Flashing an OTA Package SuperSU How SuperSU Is Initialized Root Access on Custom ROMs Rooting via Exploits Summary
Index Copyright