Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening

Black Hat USA 2017

Presented by: Nick Kralevich
Date: Thursday July 27, 2017
Time: 12:10 - 13:00
Location: Lagoon DEFJKL

Information security is ever evolving, and Android's security posture is no different. Users and application developers have high expectations that their data will be kept safe, private, and secure, and it's the responsibility of the Android Security Team to enable this. To do this, Android has focused on four critical principles of information security: exploit mitigation, exploit containment, attack surface reduction, and safe-by-default features.

In this talk, we will discuss Android's attack surface reduction history, and how that fits into the broader Android security story. We will go into detail on the specific technical strategies used to achieve the attack surface reduction, and explore specific bugs which were made unreachable as a result of the hardening over the last several years. And we will examine the overall result of the hardening, and areas for improvement.

Nick Kralevich

Nick Kralevich is head of Android platform security at Google and one of the original members of the Android security team. In his eight years in Android, he led the development of Android's key security features and has been on the forefront of modern operating system security. Nick's expertise is in defensive security technologies with a focus on native code hardening, application containment, and exploit mitigation.

