This course covers the Android ION memory management system and its vulnerabilities discussed at the CCS 2016 conference. The learning outcomes include understanding traditional and new memory design approaches, the advantages of the new design, ION architecture, DoS attacks, information leaks, and defense mechanisms. The course teaches skills in identifying memory vulnerabilities, analyzing case studies, and implementing defense strategies. The teaching method involves a presentation format with case studies and industry feedback. The intended audience includes cybersecurity professionals, software developers, and individuals interested in Android security and memory management systems.
Android ION Hazard - The Curse of Customizable Memory Management System
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Everyday Memory Requirements
Special Memory Requirements
How to meet them: Traditional Design
How to meet them: New Design
Advantages of the new design
Architecture: ION
Rest of the talk...
Dos: Case Study
DoS: Discovery
DoS: Defense
Information Leak: Root Cause
Why uninitialized: customization
Why uninitialized: complexity
Information Leak: Discovery
Information Leak: Case Study
CVE-2015-8950: Live memory dump
Information Leak: Defense
Conclusion
Industry Feedback
Taught by
ACM CCS
