Ali YunOS chief architect: the safety problem is ROM can’t do

this paper cloud network readers, ali YunOS a chief architect pan aimin contribute

the security of the mobile operating system has attracted much attention over the past two years, people generally concerned about the security of application layer can be perceived, such as spam, malicious deduction, harassing phone calls, and so on. Take a mobile phone system for example, how to view the safety of it? User perceived security is just one aspect, even is only part of the system safety.

this paper explain the mobile operating system, system security and YunOS do important work in terms of system security. Finally also explains simply the application layer security is not enough.

a, the security of the mobile operating system

strictly speaking, the system security must be an all-round protection scheme, from the underlying system, through the middle layer, and then to the application layer, all need to have the corresponding protective measures and provide the necessary security capabilities. In the underlying system, the kernel space is very important for the safety, such as mobile system based on Linux, must ensure the normal work of the Linux kernel, and at the same time in the Linux kernel provides the necessary security mechanism, such as monitoring on the critical path of abnormal situation, security logs, etc. In the middle layer, on the other hand, there are a lot of code to run under the account system privilege, on this code to all kinds of safety testing, in order to prevent the loopholes in the code is malicious use; The middle layer, on the other hand, the need to provide important security functions, such as key management, certificate management, application validation, network intrusion detection, digital copyright protection, and so on. If the middle layer has a sandbox or virtual machine running environment, has to guarantee the safety of the sandbox or virtual machine itself. In the application layer, the main function of the safety of the user perceived including the aforementioned spam messages and harassing phone calls, etc.

these security protection or safety features are not isolated. Generally speaking, a layer of security is often based on the next layer of security mechanism, such as the middle tier code integrity testing needs the support of the kernel layer, application layer security functions often need the support of the middle layer security mechanism, such as user privacy protection needs to the middle tier or the ability of the underlying to provide safe storage.

for mobile operating system, the location service is also one of the most important aspects of the system safety. On the one hand, location services involving multiple software level, even the hardware layer, can be implanted in the back door; On the other hand, it is directly related to the user’s personal privacy, personal data may leak out through the associated network positioning service.

in addition, in order to protect the whole basis of the operating system or the kernel module, even need to provide the necessary hardware layer protection means. Otherwise, may be rewrite the entire operating system (mobile phone can be flash), all security means no longer trusted.

2, YunOS safety

YunOS is not an isolated terminal operating system, it has a built-in cloud services, thus to extend the function of the operating system to the cloud. YunOS from the underlying system, layer upon layer reinforcement, from end to cloud to form a closed loop safety. In terms of the operating system kernel security strengthen, YunOS for intrusion detection and active defense, can effectively prevent the illegal prison break, for domestic and foreign markets all mainstream ROOT tool against Linux operating system, can effective defense. At the same time YunOS within the kernel to mandatory access control of the kernel resources, greatly improves security.

YunOS in application framework layer can intercept and real-time control application access to sensitive user data, sensitive API calls, can effectively protect the user’s contacts, the phone records, access control, for the application to prevent application to steal run traffic. YunOS provides the function of the privacy, the user can store in privacy space pictures, video, and file. YunOS provides a secure payment, safety input method, can effectively to ensure the safety of users of online payment security and money. When a user password input force system of safety input, at this time can’t screenshots or videos, input channel can be intercepted, so as to ensure the user input will not be stolen. In addition, any third party applications cannot access, steal the user’s messages and contacts, so as to effectively prevent the financial fraud based on SMS.

YunOS combined with the ability to “end” and “cloud”, to realize the application of unknown virus killing or the back door, and the recognition of spam messages, to provide users with a quiet mobile world.

YunOS cloud space, to provide users with infinite capacity will backup data to the cloud, will never be lost. On top of other YunOS mobile phone can realize synchronous restore a key. YunOS also provides the phone lost function, the user can in after the mobile phone is lost through the cloud space remote positioning, remote erase data.

three, only the limitations of the application layer security protection

on the market at present mobile phone users in large part relies on some application layer security protection to their mobile phone system software, in fact, the application layer security software not only is restricted in protection, even destroy the normal operation of the system.

for application layer security software, its protective ability can be divided into two levels:

1. The use of standard programming interface of the operating system, on the application layer to provide some basic security functions, such as access storage space junk files scanning, request to access message for spam filtering, and so on. Due to a release of the operating system usually restrictions on the ability of applications to access data, the application layer security software can provide safety function is very limited;

2. Most of the application layer security software are hoping to break a little mention of function limit, to provide users with a stronger, more attractive security functions, such as to modify the system configuration, management and application permissions or to accelerate system, etc. Often they consciously to attacks on the system, in order to access privileges and injected code, thus providing these advanced features. The attack behavior on the system itself is a damage, almost inevitably affect system performance, stability and consistency.

mobile security on the other hand also depends on the mobile phone manufacturer to the importance of security and resource input, they will usually focus on mobile phone stability and ease of use, such as phone calls, send and receive text messages, browse the web, etc., but security is mostly a lack of long-term investment, for example, when the system security flaws exposed, may not publish updates in a timely manner. This naturally caused users rely on third-party security software to make up for the lack of security features, but in fact their system may have been carried out the attack.

in the mobile terminal industry chain, the most driving force to solve the security problem is the operating system vendors. However, in the domestic market, the vast majority of android phones and failed to get the support of Google, the security of android phones still depends on the degree of attention to the security terminal manufacturers, and users could install a third-party application layer security software. In this case, the real safety such as the above analysis.

You may also like...