Android uses the Binder IPC mechanism for communication between processes. Binder allows for asynchronous remote procedure calls through a client-server model. It works by passing flat binder objects between processes using the binder driver in the kernel. Key aspects of Android IPC include Intents for asynchronous messaging, AIDL for synchronous RPCs across processes, and system services that are registered with the service manager.
Android is a Linux-based architecture. In addition to the original Linux driver, Android need other additional device driver, like Android Logger, Binder, Low Memory killer, Power Management for android(wakelock), ASHMEM, etc out of which ashmem ,logger and binder are all character device drivers.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Binder is what differentiates Android from Linux, it is most important internal building block of Android, it is a subject every Android programmer should be familiar with
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
Android is a Linux-based architecture. In addition to the original Linux driver, Android need other additional device driver, like Android Logger, Binder, Low Memory killer, Power Management for android(wakelock), ASHMEM, etc out of which ashmem ,logger and binder are all character device drivers.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Binder is what differentiates Android from Linux, it is most important internal building block of Android, it is a subject every Android programmer should be familiar with
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
For new age touch-based embedded devices, Android is becoming a popular OS going beyond mobile phones. With its roots from Embedded Linux, Android framework offers benefits in terms of rich libraries, open-source and multi-device support. Emertxe’s hands-on Embedded Android Training Course is designed to customize, build and deploy custom Embedded OS on ARM target. Rich set of projects will make your learning complete.
There are many books, articles and paper publications about Android and related applications but only a few are related to how Android operating system works internally.In this talk we will see how android boots up , an overview of zygote , how system server and package manager works. This talk will be extremely helpful to foster understanding among android developers about Android Internals as well as everybody else who desires a general understanding of the internal working of Android powered devices.
Android Audio HAL – Audio Architecture – Audio HAL interface – Audio Policy – Audio HAL compilation & verification – Overview of Tinyalsa
Android Video HAL – Camera Architecture – Overview of camera HAL interface – Overview of V4L2 – Enabling V4l2 in kernel – Camera HAL compilation and verification
For new age touch-based embedded devices, Android is becoming a popular OS going beyond mobile phones. With its roots from Embedded Linux, Android framework offers benefits in terms of rich libraries, open-source and multi-device support. Emertxe’s hands-on Embedded Android Training Course is designed to customize, build and deploy custom Embedded OS on ARM target. Rich set of projects will make your learning complete.
There are many books, articles and paper publications about Android and related applications but only a few are related to how Android operating system works internally.In this talk we will see how android boots up , an overview of zygote , how system server and package manager works. This talk will be extremely helpful to foster understanding among android developers about Android Internals as well as everybody else who desires a general understanding of the internal working of Android powered devices.
Android Audio HAL – Audio Architecture – Audio HAL interface – Audio Policy – Audio HAL compilation & verification – Overview of Tinyalsa
Android Video HAL – Camera Architecture – Overview of camera HAL interface – Overview of V4L2 – Enabling V4l2 in kernel – Camera HAL compilation and verification
Embedded Android system development workshop is focused on integrating new device with Android framework. Our hands-on approach makes Emertxe as the best institute to learn android system development training. This workshop deep dives into Android porting, Android Hardware Abstraction Layer (HAL), Android Services and Linux device driver ecosystem. This workshop based training program will enable you to efficiently integrate new hardware with Android HAL / Framework.
There is a surge in number of sensors / devices that are getting connected under the umbrella of Internet-Of-Things (IoT). These devices need to be integrated into the Android system and accessed via applications, which is covered in the course. Our Android system development course curriculum over weekends with practicals ensures you learn all critical components to get started.
In order to understand HAL layers of Android Framework, having Linux device driver knowledge is important. Hence Day-2 of the workshop focuses on the same.
LCU13: An Introduction to ARM Trusted FirmwareLinaro
Resource: LCU13
Name: An Introduction to ARM Trusted Firmware
Date: 28-10-2013
Speaker: Andrew Thoelke
Video: http://www.youtube.com/watch?v=q32BEMMxmfw
COMMON COMPETENCY REQUIREMENT IN EVERY TESDA COURSE TO SHARE TAG ADD LINK AND LIKE - Will make hundreds of thousands TESDA feeds streaming the social network daily, a massive activity that practically shoots cumulative viral reach over the internet generating unlimited time-stamped data and information. Behind the Facebook walls this dynamic profile connection is building a gigantic database in a virtual network of Tesda Fans Club at www.facebook.com/TesdaFansClub
UtrechtJUG_Exploring statefulmicroservices in a cloud-native world.pptxGrace Jansen
How does one choose to architect a system that has a Microservice / REST API endpoints? There are many solutions out there. Some are better than others. Should state be held in a server side component, or externally? Generally we are told this is not a good practice for a Cloud Native system, when the 12-factor guidelines seem to be all about stateless containers, but is it? It’s unclear and this confusion may lead to poor technology stack choices that are impossible or extremely hard to change later on as your system evolves in terms of demand and performance.
While stateless systems are easier to work with, the reality is that we live in a stateful world, so we have to handle the state of data accordingly to ensure data integrity beyond securing it.
We will examine and demonstrate the fundamentals of a Cloud Native system with Stateful Microservices that’s built with Open Liberty and MicroProfile.
How does one choose to architect a system that has a Microservice / REST API endpoints? There are many solutions out there. Some are better than others. Should state be held in a server side component, or externally? Generally we are told this is not a good practice for a Cloud Native system, when the 12-factor guidelines seem to be all about stateless containers, but is it? It’s unclear and this confusion may lead to poor technology stack choices that are impossible or extremely hard to change later on as your system evolves in terms of demand and performance.
While stateless systems are easier to work with, the reality is that we live in a stateful world, so we have to handle the state of data accordingly to ensure data integrity beyond securing it.
We will examine and demonstrate the fundamentals of a Cloud Native system with Stateful Microservices that’s built with Open Liberty and MicroProfile.
Configuration Management Tools on NX-OSCisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. On Cisco Nexus devices, configuration is performed using command-line interfaces (CLIs) that run only on the device. Configuration Management Tools allow you to automate the network devices configuration in the same way sysadmin have automated the server configuration. These tools include Puppet, Chef and Ansible. We will be introducing the concept of each of them, agent vs agent-less and demoing some use cases.
We will also describe some of the technology enablers like NX-API REST that allows you to enable configurations that would require issuing many CLI commands by combining configuration actions in relatively few HTTP/HTTPS operations."
The twelve-factor app is designed for continuous deployment by keeping the gap between development and production small. For example, make the time gap small, make the personnel gap small & make the tools gap small. Learn more about how a Cloud vendor must provide a platform for 12-factor / Cloud Native development and deployment with identified anti-patterns.
This deck was presented at Lendingkart meetup in Bangalore covering our experiences with creating CI/CD Pipeline with Kubernetes. Here is the video link of the meetup.
https://youtu.be/YraPL_NGmcs
Pluggable Infrastructure with CI/CD and DockerBob Killen
The docker cluster ecosystem is still young, and highly modular. This presentation covers some of the challenges we faced deciding on what infrastructure to deploy, and a few tips and tricks in making both applications and infrastructure easily adaptable.
The Evolution of Distributed Systems on KubernetesBilgin Ibryam
Cloud native applications of the future will consist of hybrid workloads: stateful applications, batch jobs, stateless microservices, functions, (and maybe something else too) wrapped as Linux containers and deployed via Kubernetes on any cloud. Functions and the so-called serverless computing model is the latest evolution of what started as SOA years ago. But is it the last step of the application architecture evolution and is it here to stay? During this talk, we will take you on a journey exploring distributed application needs and how they evolved with Kubernetes, Istio, Knative, Dapr, and other projects. By the end of the session, you will know what is coming after microservices.
Securing Your Apps & APIs in the CloudOlivia LaMar
Hybrid and multi-cloud architectures are becoming the expected standard for architecture teams to buildout and for operations teams to maintain and deploy. Ever faster DevOps workflows are now an expectation for any digital enterprise, not a goal. And the code DevOps teams are pushing out is typically now packaged in containers, creating an increasingly distributed application landscape.
So how can organizations still practice effective application security policy without impacting or crippling their modernization initiatives? NGINX can help with that.
These slides will cover:
NGINX Plus as an integrated, cloud-native Load Balancer and API Gateway in NGINX Plus
NGINX App Protect as the new cloud-native WAF extension for NGINX Plus
Demo of both working in tandem to set:
Edge routing policy
Edge Security Policy
And Extending down to Granular, Per-App Security Policy
Microservices @ Work - A Practice Report of Developing MicroservicesQAware GmbH
Cloud Native Night October 2016, Mainz: Talk by Simon Bäumler (Technical Chief Designer at QAware).
Join our Meetup: www.meetup.com/cloud-native-night
Abstract: This talk takes a practice oriented approach to examine microservice oriented architecture. It will show two real systems, one build from scratch in a microservice architecture, the other migrated from a monolithic system to a microservice architecture.
With the example of these two systems the pittfalls, advantages and lessons learned using microservice oriented architectures will be discussed.
While both systems use the java stack, including spring boot and spring cloud many topics will be kept general and will be of interest for all developers.
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxlior mazor
Stay safe, grab a drink and join us virtually for our upcoming "The Hacking Game - A Road to Post Exploitation" meetup
to learn how hackers can compromise the software supply chain, advanced data protection methods on WebLogic Server and
how to use AI in order to protect your software.
Agenda:
17:00 - 17:10 - 'Opening words' - by Gidi Farkash (CISO at Pipl Security)
17:10 - 17:40 - 'Tracking Attackers in Open Source Supply Chain - Lessons Learned' - by Jossef Harush Kadouri (Head of Software Supply Chain Security at Checkmarx)
17:40 - 18:20 - 'WebLogic - The Road to Post Exploitation' - by Amit German (Cyber Security Researcher at Pentera)
18:20 - 19:00 - 'AI In The Hands of Application Security' - by Brit Glazer (Head of Information Security at Unit)
Securing MongoDB to Serve an AWS-Based, Multi-Tenant, Security-Fanatic SaaS A...MongoDB
MongoDB introduces new capabilities that change the way micro-services interact with the database, capabilities that are either absent or exist only partially in high-end commercial databases such as Oracle. In this session I will share from my experiences building a cloud-based, multi-tenant SaaS application with extreme security requirements. We will cover topics including considerations for storing multi-tenant data in the database, best practices for authentication and authorization, and performance considerations specific to security in MongoDB.
Rob Davies presentation during Red Hat's "Microservices Journey with Apache Camel" that took place in Atlanta on 10/04/16 and in Minneapolis on 10/06/16.
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
How to Debug IoT Agents Webinar - 17th April 2019
Corresponding webinar recording: https://youtu.be/FRqJsywi9e8
Chapter: IoT Agents
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
How to debug IoT Agents - investigating what goes wrong and how to fix it.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
26. MESSENGER & HANDLER
App A App B
Activity
ServiceMessenger
Handler
call back
start
pass by
reference
call back
reference / call
26
27. MESSENGER & HANDLER
• 和 Intent 很像
• 但提供了雙向溝通!
• Android Developer 網站說明:
Reference to a Handler, which others can use to send
messages to it. This allows for the implementation of
message-based communication across processes, by
creating a Messenger pointing to a Handler in one
process, and handing that Messenger to another
process.
27
34. BINDER !
• 超重要的!
In the Android platform, the binder is used for
nearly everything that happens across processes
in the core platform. - Dianne Hackborn!
[https://lkml.org/lkml/2009/6/25/3]
34
44. BINDER_WRITE_READ
• read_buffer 和 write_buffer 是⼀一
個指標(指向 user space 的
buffer)
• BC_TRANSACTION
• 解析將要被處理的資料
• BC_REPLY
• 回傳結果資料
struct binder_write_read {
signed long write_size;
signed long write_consumed;
unsigned long write_buffer;
signed long read_size;
signed long read_consumed;
unsigned long read_buffer;
}
44
59. BINDER COMMUNICATION
Binder Service
Kernel Process B
Service
Manager
Proxy
Client
Process A
Manager Proxy Context Manager
Framework
register CM
await reqs
get CM register
service
registered
service
register svc tx
get CM
get svc tx
init manager
get service
got service
59
74. THREAT !
App A App B Malicious App
Activity
Service
Broadcast
Receiver
Activity
Service
Broadcast
Receiver
Activity
Service
Broadcast
Receiver
Intent Intent Intent
Intent
System Intent
System Intent
74
76. QUESTIONS?
• How well does an Android component behave in the
presence of a semi-valid or random Intent?
• How robust are Android’s ICC primitives?
• How can we refine the implementation of Intents so that inpt
validation can be improved?
76
79. SEMI-MANUAL ...
• finishActivity() did not work in two situations
• System alert was generated (crash or exception)
• Activity was started as a new task
Calling startActivity() from outside of an Activity context
requires the FLAG_ACTIVITY_NEW_TASK flag.
79
80. GENERATING INTENTS
• { Action / Data / Component / Extras }
• Data URI := scheme/path?query
80
82. IMPLICIT INTENT
• A.Valid Intent, unrestricted fields null:
• Match only the restricted attributes of the Intent-filter
• B. Semi-valid Intent:
• Fuzz at least one fileds
82
85. EXPLICIT INTENT
• FIC A. Semi-valid Action and Data
• FIC B. Blank Action or Data
• FIC C. Random Action or Data
• FIC D. Random Extras
* FIC : fuzz injection campaigns
robustness of callee
potential adversary
85
86. SEMI-VALID ACTION AND
DATA
• Total Intents: |Action|x|Data| for each component
!
{ act=ACTION_EDIT
data=http://www.google.com
comp=com.android.someCompon
ent }
Meaningless
86
87. BLANK DATA OR ACTION
• Total Intents: |Action|+|Data| for each component
!
{ data=http://www.google.com
comp=com.android.someCompon
ent }
No Action
87
88. RANDOM ACTION OR DATA
{ act=ACTION_EDIT
data=a1b2c3d4
comp=com.android.someCompon
ent }
Random
88
96. RESULTS FOR EXPLICIT
INTENTS
• 2148 crashes in Android 2.2
• 641 crashes in Android 4.0
• 152 crashes for Apps from Market
96
97. FAILED COMPONENTS
!
• Many Android components do not perform null checks
• 3 of the apps (from Market) had at least one component
failed one or more experiments
97
100. SYSTEM CRASH
• 3 Activities in built-in apps caused system_server to restart
• Did not catch NullPointerExceptions
• Need no extra permissions
100
102. RESULTS FORVALID INTENTS
• In HTC Evo 3D ...
• 1910 Intent-filters startActivity()
• Some of them is registered by Services
• ActivityNotFoundException
• Crashed 5 components
• 12 unexpected exceptions
1. NullPointerException
2. IOException
3. Resource
$NotFoundException
102