Android Lollipop introduced several new security features for enterprise mobile device management including enhanced SELinux policies, Smart Lock, Device Protection, the Device Administration API, and Managed Profiles. It also improved data encryption with faster encryption of only used blocks and support for encryption without password. These features help provide a more secure environment for enterprise mobility.
The Art of defence: How vulnerabilities help shape security features and mitig... - Priyanka Aash
Information security is ever evolving, and Android's security posture is no different. Android users face threats from a variety of sources, from the mundane to the extraordinary. Lost and stolen devices, malware attacks, rooting vulnerabilities, malicious websites, and nation state attackers are all within the Android threat model, and something the Android Security Team deals with daily. In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer.
(Source: Black Hat USA 2016, Las Vegas)
Monthly DFIR Training in collaboration with DFIR Austin. This month's training covered the process of getting remote access during incident response investigations, delving into rapid agent deployment options such as GPOs and RMM tools as well as agentless triage channels such as WMI, Powershell Remoting, SSH, etc.
Matt Oh, Microsoft
We are seeing new techniques used every day by malware. But it is very hard to find any impressive techniques used in the wild. Recently there was a huge buzz about the Detrahere malware, which used internally known issues with certificate signing in Windows 10 kernel drivers. Even though the certificate check bypass technique itself is very interesting, I found that the tactics used by the malware are more impressive. Even though the malware is mainly focused on ad-hijacking functionality through Netfilter driver installation, it also has rootkit ability through file system driver hooking. This feels like the old days coming back with various new arsenals. The rootkit detects kernel debugging settings and will destroy the system when it finds one. The unpacking process can be a very challenging job, too, as it uses a kernel driver image hollowing technique (something similar to process hollowing) to deobfuscate itself and run unpacked code. Our PatchGuard doesn't seem to trigger on this action, because all the sections are pre-allocated with execute permission already.
Through this talk, I want to present various techniques used by this malware, focusing on the kernel-level obfuscation and anti-analysis tactics. This will give us new insights into what new Windows rootkit malware might look like in the future and how detecting them from security systems and detonation systems can be a challenge.
In this presentation I have explained the difference between a regular malware attack and a fileless attack. Also added ways to capture it using EventTracker.
Matt Nelson, SpecterOps
A persistent "enlightened" attacker will invest the required resources to bypass any and all security features that might stand between them and their objective, regardless if these features are guaranteed to be serviced as security boundaries or not. This includes researching and developing attacks against Windows security features that may impose a hurdle in their attack chain. This talk will outline recent research into features such as User Account Control (UAC), the Antimalware Scan Interface (AMSI) and Device Guard and how these bypasses are useful to attackers in an operational context.
Some examples include:
- UAC: If an attacker compromises a user that is running as a split-token administrator, bypassing UAC is required in order to perform any administrative actions, such as dumping credentials from memory.
- AMSI: With in-memory attacks becoming more prevalent via scripting languages, AMSI is the next logical step to facilitate detection. An attacker will need to bypass AMSI in order to safely operate in memory when using PowerShell, VBScript, or JScript.
- Device Guard: As organizations begin to consider whitelisting solutions, an attacker is required to adapt and develop a bypass to these technologies. One such solution is Device Guard, which can be used to heavily restrict what is allowed to execute on the system. In order to accomplish their objective, an attacker would need to bypass User Mode Code Integrity (UMCI). Such research can find novel ways to execute code in ways that are not likely to be detected.
I will also cover some of the fixes that have been implemented in newer versions of the Windows Operating System. Fixing these bypasses will not only make Windows safer, but it will begin to disrupt attackers by raising the cost associated with successfully executing an attack.
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks - Mauricio Velazco
After obtaining an initial foothold, adversaries will most likely target or abuse Active Directory across the attack lifecycle to achieve operational success. It is essential for Blue Teams to design and deploy proper visibility & detection strategies for AD-based attacks and executing Adversary Simulation/Purple Team exercises can help. This talk will introduce the Active Directory Purple Team Playbook, a library of documented playbooks that describe how to simulate different adversary techniques targeting Active Directory. The playbooks can help blue teams measure detection coverage and identify enhancement opportunities. After this talk, attendees will be able to run purple team exercises against development or production Active Directory environments using open source tools.
2009-08-24 The Linux Audit Subsystem Deep Dive - Shawn Wells
Presented at SHARE Denver 2009. Why is Linux auditing needed? What can it do for me? How does it work? What events get audited? How do I make sense of all the data?
Master Serial Killer - DEF CON 22 - ICS Village - Chris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
It covers the following topics
- Developing CSR policy
- Program formulation / project design
- Operational structure
- Implementation strategy
- Performance Management
- Communicating the impact to internal and external stakeholders
Intent-Aware Temporal Query Modeling for Keyword Suggestion - Findwise
This paper presents a data-driven approach for capturing the temporal variations in user search behaviour by modeling the dynamic query relationships using query-log data. The dependence between different queries (in terms of the query words and latent user intent) is represented using hypergraphs which allows us to explore more complex relationships compared to graph-based approaches. This time-varying dependence is modeled using the framework of probabilistic graphical models. The inferred interactions are used for query keyword suggestion - a key task in web information retrieval. Preliminary experiments using query logs collected from internal search engine of a large health care organization yield promising results. In particular, our model is able to capture temporal variations between queries relationships that reflect known trends in disease occurrence. Further, hypergraph-based modeling captures relationships significantly better compared to graph-based approaches.
A Method for Detecting Behavior-Based User Profiles in Collaborative Ontology... - Sven Van Laere
Ontology engineering is far from trivial and most collaborative methods and tools start from a predefined set of rules, stakeholders can have in the ontology engineering process. We, however, believe that the different types of user behavior are not known a priori and depend on the ontology engineering project. The detection of such user profiles based on unsupervised learning allows finding roles and responsibilities along peers in a collaborative setting. In this paper, we present a method for automatic detection of user profiles in a collaborative ontology engineering environment by means of the K-means clustering algorithm only by looking at the type of interactions a user makes. In this paper we use the GOSPL ontology engineering tool and method to demonstrate this method. The data used to demonstrate the method stems from two ontology engineering projects involving respectively 42 and 36 users.
Predicting Current User Intent with Contextual Markov Models - Julia Kiseleva
Abstract—In many web information systems like e-shops and information portals predictive modeling is used to understand user intentions based on their browsing behavior. User behavior is inherently sensitive to various contexts. Identifying such relevant contexts can help to improve the prediction performance. In this work, we propose a formal approach in which the context discovery process is defined as an optimization problem. For simplicity we assume a concrete yet generic scenario in which context is considered to be a secondary label of an instance that is either known from the available contextual attribute (e.g. user location) or can be induced from the training data (e.g. novice vs. expert user). In an ideal case, the objective function of the optimization problem has an analytical form enabling us to design a context discovery algorithm solving the optimization problem directly. An example with Markov models, a typical approach for modeling user browsing behavior, shows that the derived analytical form of the optimization problem provides us with useful mathematical insights of the problem. Experiments with a real-world use-case show that we can discover useful contexts allowing us to significantly improve the prediction of user intentions with contextual Markov models.
Presentation on Advanced Keyword Modeling from SES Chicago 2011. Focused on mining searcher intent, audience and authority from search and social media data.
Dynamic Search Using Semantics & Statistics - Paul Hofmann
This presentation shows 3 applications of successfully combining semantics and statistics for text mining and interactive search.
1) We predict the Lehman bankruptcy using statistical topic modeling, SAP Business Objects entity extraction and associative memories (powered by Saffron Technologies).
2) We semi-automatically handle service requests at Cisco using knowledge extraction and knowledge reuse.
3) We discover user intent for interactive retrieval. User intent is defined as a latent state. The observations of this latent state are the reformulated query sequence, and the retrieved documents, together with the positive or negative feedback provided by the user. Demo shows recognizing user’s intent for health care search.
Beyond the Scan: The Value Proposition of Vulnerability Assessment - Damon Small
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports.
Network Intent Composition in OpenDaylight - OpenDaylight
There is a flurry of activity on policy and intent in Software-defined Networks. The NIC project in OpenDaylight focuses on enabling the controller to manage and direct network services and network resources based on app-described “Intents”. The Intent based NBI allows for a descriptive way to get what is desired from the infrastructure, unlike the current SDN interfaces which are based on describing how to provide different services. The Network Intent Composition function will use existing OpenDaylight Network Service Functions and Southbound Plugins to control both virtual and physical network devices.
Summit 16: Applying Machine Learning to Intent-based Networking and Nfv Scali... - OPNFV
The talk will highlight how Machine Learning techniques can be used to address different aspects of the operation and control of NFV and propose future OPNFV activities in this area. First, Diego will introduce how Machine Learning is being applied by the CogNet project to address intent-based networking, and discuss the architecture defined there as a potential framework for future ML integration. Glen will demonstrate a policy-based system for automating VNF scaling using performance data collection and analytics with machine learning (ML), based on OPNFV Brahmaputra and the underlying OpenStack telemetry system (Ceilometer), as well as the open-source Apache Kafka, Apache Zookeeper and Apache Spark streaming and MLlib libraries. Available as open-source, it combines predictive and reactive inputs to make the VNF scaling decision and trigger action in the MANO stack. The presentation will provide an overview of the system, demonstrate the VNF auto-scaling use case and discuss how this system will fit into a future OPNFV release.
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
Object-oriented design patterns in UML [Software Modeling] [Computer Science... - Ivano Malavolta
This presentation is about a lecture I gave within the "Software Modeling" course of the Computer Science bachelor program, of the Vrije Universiteit Amsterdam.
http://www.ivanomalavolta.com
Lisa Höjlund, UX designer at Wipcore, talks about UX and design for e-commerce. Slides from Wipcore's e-commerce breakfast on 1 June 2016. Watch the talk on video at https://www.youtube.com/watch?v=CQOEEsec9Ns
Performance-Based Funding – A New Era in Accountability? - Ludmila Adamovica
Data visualization of “Performance Based Funding – A new era in accountability?” Many states are now reconsidering the funding by enrollment model for state appropriations.
Humans & Machines Ethics Canvas’s main goal is to be a guide for critical thinking throughout the ethical decision-making process. It acts as a value system and an ethics framework for humans and machines interaction to assess the influence of machine learning and software development while developing a system for individuals, teams, and organisations.
Read more: http://adataanalyst.com/business/humans-machines-ethics-canvas/
ToorCon 14 : Malandroid : The Crux of Android Infections - Aditya K Sood
The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar and getting on our devices and causing millions of users financial and data loss every year. Additionally, the malware analysis community is at a large disagreement on how Android malware should be classified. In this talk, we’ll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we’ll be able to show the advancements in Android malware from a design perspective.
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015 - Codemotion
Ron Munitz - Codemotion Rome 2015
In this session I will present the essential security measures for Application Developers, show how to reverse engineer purely protected apps, and discuss what common security guidelines will and will not work against untrusted, rooted devices. The session will include the confessions of an evil, yet good attacker, and will unleash some serious security flaws you have probably never considered in your app development.
Voxxed Days Vilnius 2015 - Burning Marshmallows - Ron Munitz
My talk from Voxxed Days Vilnius. In this talk we talked about the Android security model, how it has been affected by some publicly disclosed weaknesses in 2015, and what the Android Marshmallow future holds.
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014) - Ron Munitz
My Android Security session in Code Motion, December 2014, Tel-Aviv, Israel.
In this session I will present the essential security measures for Application Developers, show how to reverse engineer purely protected apps, and discuss what common security guidelines will and will not work against untrusted, rooted devices. The session will include the confessions of an evil, yet good attacker, and will unleash some serious security flaws you have probably never considered in your app development.
For Training/Consulting requests: info@thepscg.com
The PSCG's Ron Munitz's talk on MobSecCon, September 3rd, 2015.
A PDF is available in: http://thepscg.com/events/MobSecCon
Israel's first Android (and mobile) Internals conference coming up this November!
http://www.thepscg.com/events/MobModCon
Android is an open source platform, or software stack, for mobile devices. It is a Google product, but because it is open source anyone can develop applications for it. It runs on the Dalvik VM and its applications are written in Java. Android is a rapidly growing mobile platform and a well-liked OS for mobile phones. New versions arrive at short intervals: Android 5.0 was released recently, and on its release Google also announced Android 5.0.1.
The Android OS project was started in 2001. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance.
1. HISTORY OF ANDROID
In 2005 Google bought Android Inc. and started Dalvik. At that time it was not possible for Google to go out and buy companies to work on Android, so in 2007 Google announced Android under the Open Handset Alliance (OHA). It should be noted that Android is therefore not owned by Google alone; the OHA is the owner of Android. From 2008 to 2010 Android became the most widely used mobile platform and was accepted worldwide. In 2011 the chairman of Google, Mr. Eric, decided to move to other devices as well, such as gaming devices, tablets, TVs, watches, car GPRS systems, etc.
YEAR  TASK
2005  Google buys Android Inc.
2007  Open Handset Alliance. First SDK announced.
2008  Android becomes the domain of the mobile platform
2011  Games, tablets, watches, etc.
Why Dalvik VM, not Java VM (JVM)?
Android runs Java apps, so why don't we use the Java VM?
There are two good reasons:
1- Business.
2- Technical.
The business reason is that Java is owned by Oracle, so a license would have to be bought for the Java VM. Android would then no longer be free, and there is no reason for Google to give profit to Oracle. It is also not easy for Google to buy a license from Oracle for each VM. After all, it is also a matter of pride. There are two main technical reasons:
1- Battery consumption of the Java VM. Java is optimized and designed to run easily on Intel chips, and Intel chips need more and more power to run. In mobiles the battery is the main constraint, so Intel chips are replaced by ARM chips, and it is not possible to run the Java VM on them.
2- Memory consumption of the Java VM. To run any app, its classes first have to be loaded from memory to hard disk or RAM, so we first have to wait for the VM to search for and load the classes in HD or RAM. A mobile does not have enough memory to load classes every time before running an app. So it is better to replace the JVM with the Dalvik VM, which uses classes but has no need to load them into RAM; it runs them directly.
Difference between Dalvik and ART
- In the Dalvik runtime, the JIT is bound to the CPU, but ART frees the CPU from translating DEX to machine code during the app's execution, thus reducing energy consumption.
- ART is faster as it directly converts DEX byte-code to NAT
Big Data, Open Data and Open Information:
- Identifying, analyzing and managing them: benefits and advantages;
- Open Data and Open Information: definitions and regulatory framework;
- How to start the process of opening up data;
Data science is a data-driven branch of computer science founded on knowledge of data integration (Big Data), the development of mathematical algorithms (Predictive Analytics/Machine Learning) and technological capabilities: in practice it concentrates on, and draws its greatest advantage from, the analytical resolution of complex problems.
And what if I asked you:
What links the latest cloud trends to the programming of the 1980s?
What are the really important things to keep in mind when building an application?
What is the best strategy for "professionally chasing" new developments without rapidly becoming "obsolete"?
What is meant by "Analog Thinking and Digital Action"?
This and more in the new seminar by Pasquale Camastra (to be held at our offices on 14/09/2017 at 17:30), who, this time in the role of Evolutionary Architect, will explain how to approach the very latest trends in cloud application architectures with the pioneering spirit of someone who came to know computing thanks to the Commodore 64.
Secure development of Android apps sometimes requires the use of third party libraries and external frameworks, often expensive or hard to quickly update if vulnerable. The Android SDK and Google Play Services provide security features and services that allow a developer to take advantage of security enhancements in order to increase the security level of an application. The talk, starting from real common threats, will show how some of these features can be used in the different versions of Android, up to the newest Nougat, to mitigate security risks that could afflict a mobile application.
A brief Consulthink S.p.A. Overview:
An ICT consulting company specialized in design and implementation of complex application systems and complete solutions in security and networking environments
Founded in 2004
Has always enjoyed steady growth in terms of revenue and employees
Markets ranging from Government to Public Utilities, as well as TLC operators.
Scenarios for introducing Application Service Governance in the enterprise - Consulthinkspa
Consulthink's vision for selecting an enabling infrastructure for a company's IT in order to implement "Application Service Governance", through market analysis and the creation of customized PoCs.
Description of the main enabling technologies for managing Big Data, with particular attention to the ecosystem that revolves around Apache's Hadoop framework.
Short seminar given by Pasquale Camastra, head of Consulthink's Software Development and Quality BU (it.linkedin.com/in/pasqualecamastra), on a method to adopt for developing quality software that can be applied to different approaches, techniques and contexts.
The presentation introduces the topics related to the secure and protected storage of the cryptographic material used by an application (for encrypted data storage, authentication with the backend, etc.).
It then continues with a description of some of the Key Management techniques and methodologies available in the various versions of Android.
The CodeLab at GDG DevFest alternated theory sessions with hands-on coding sessions.
Preventing cyber attacks involving sensitive corporate data - Consulthinkspa
Recent news events remind us of the need to adequately protect the assets most important to an organization's very survival: data and the application platforms that make it accessible. The ability to safeguard these assets, to guarantee their maximum usability and to implement adequate monitoring and audit measures is increasingly what distinguishes a successful organization, one that aims to remain so, from its competitors: preparing adequately to secure one's data against unforeseen events and to guarantee the levels of compliance required by laws and sector regulations has today become a vital activity for any organization.
Acetabularia Information For Class 9 .docx - vaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
4. Enterprise Mobile Management
DroidCon IT 2015 - Android Lollipop For Enterprise 4
Enterprise Mobile Trends
Gartner Market Statistics Forecast:
PCs, Ultramobiles and Mobile Phones Worldwide, 2011-2018, 4Q14 Update
5. Enterprise Mobile Management
● Secure Environment
○ SELinux
● Device Protection
○ Smart Lock
○ "Kill Switch"
● Device Management
○ Device Administration API
○ Device Owner
● Security Container
○ Managed Profile
○ App Restrictions
● Data Encryption
Lollipop for Enterprise
7. ● Introduced in Android 4.3 to enforce the existing Discretionary Access Control (DAC) for application sandboxing (UID, GID)
● Provides Mandatory Access Control (MAC) over all processes at kernel level
● Allows fine-grained security policies to be defined
● Main security features:
○ Better system service restriction and protection
○ Improved access control to application data and system logs
○ Reduced effects of malicious software
○ User protection from potential flaws in mobile applications
SELinux
Security-Enhanced Linux in Android
"This new layer provides additional protection against potential security vulnerabilities by reducing exposure of system functionality to applications"
Google Report Android Security 2014 Year in Review
8. SELinux
● Three core elements:
○ Subject: Agent that performs actions on objects (processes or groups of processes, referred to as domains)
○ Action: The operation to perform
○ Object: OS-level resources managed by the kernel (file, socket)
● Processes, sockets and files have a label or security context:
○ username:role:type:mls_level
■ username is always u
■ role is r for domains, object_r for objects
■ type refers to the domain or to the object logical type
■ mls_level is always s0
Concepts
9. SELinux
username:role:type:mls_level
○ username is always u
○ role is r for domains, object_r for objects
○ type refers to the domain or to the object logical type
○ mls_level is always s0
Concepts
SUBJECT
OBJECT
10. Lollipop Enhancements
SELinux
● SELinux mode:
○ Permissive: permission denials are logged but not enforced
○ Enforcing: permission denials are both logged and enforced
Android 4.3: Permissive
Android 4.4: Partial Enforcing
Android 5.x: Full Enforcing
... limited set of crucial domains (installd, netd, vold and zygote)...
...to everything (more than 60 domains)...
12. Smart Lock
● Disable device lockscreen in "trusted condition"
● Based on Trust Agent:
○ "A service that notifies the system about whether it believes the environment of the device to be trusted"
○ Requires signatureOrSystem permission
○ Can be disabled by Device Administrator [KEYGUARD_DISABLE_TRUST_AGENTS]
Trust Agent
http://nelenkov.blogspot.it/2014/12/dissecting-lollipops-smart-lock.html
lollipop/frameworks/base/core/res/AndroidManifest.xml
13. Smart Lock
● Trust Agent provided by Google Play Services
● Device unlock methods:
○ Trusted bluetooth connected devices
○ Trusted places
○ Trusted face
○ On Body Detection
● Temporary unlock is disabled:
○ After 4 hours of inactivity
○ Device Reboot/Shutdown
Some Details
14. Android Lollipop for Enterprise
Device Protection
Poste Course
Android Security 14
15. Device Protection
● "You can set up your device to prevent other people from using it if it's been reset to factory settings without your permission"
● Introduced in Android 5.1
● Currently works only on Nexus 6 and Nexus 9
● Requires:
○ Screen Lock enabled
○ Default Google account
○ "OEM Unlocking" disabled in Settings -> Developer Options
● Needs to wait 72 hours after changing password to reset the device
"Kill Switch" Factory Reset
16. Device Protection
● PersistentDataBlockService writes to the partition defined by ro.frp.pst:
○ The OEM Unlocking setting (bit)
○ Write Block Checksum (SHA-256)
OEM Unlocking
PersistentDataBlockService
18. Device Administration API
● Introduced in Android 2.2 Froyo (API 8)
● Allows security policies to be enforced on the device
● Enterprise Oriented
● Vendor Customization
○ Samsung KNOX
○ LG Gate
● Used by Device Admin Application
Intro
19. Device Administration API
● Must be explicitly enabled in the device security settings
● Cannot be uninstalled if active
● Could be controlled by a remote server (agent)
● Several device admin applications can be enabled on a device (strictest policy among all applications is active)
Device Admin Application
20. Device Administration API
Main Features
API 8 API 9 API 11 API 14 API 17 API 21 API 22
Enforce Password Policy
Watch User Login
Reset Password
Lock and Wipe Device
Set Max Failed Password For Wipe
Set Max Time To Lock Device
Wipe SDCard
Force Device Encryption
Disable Camera
Disable Keyguard
Managed Profile
Global Settings
NFC Provisioning
Wipe Factory Protection
22. Device Administration API
● Main Admin Application component
DeviceAdminReceiver
Required to ensure that only the system can interact with the receiver
Primary ACTION that the receiver must handle
Policy Declaration
25. Device Administration API
● Public Interface for managing policies on device
● Requires Device Administration rights enabled
● Main methods:
○ isAdminActive(ComponentName who)
○ setPasswordQuality(ComponentName admin, int quality)
○ resetPassword(String password, int flags)
○ lockNow()
○ wipeData(int flags)
○ setCameraDisabled(ComponentName admin, boolean disabled)
○ setStorageEncryption(ComponentName admin, boolean encrypt)
DevicePolicyManager
26. Device Administration API
Device Admin Activation
Implicit Intent for the system Settings
27. Device Administration API
● "Specialized type of device administrator" with the additional ability to:
○ Add/Remove User
○ Modify Global settings
○ Set Application Restrictions
○ Wipe Factory Protection
● Typically used for company devices
● Introduced in Android Lollipop (API 21)
● Only one device owner can be active at a time
● Cannot be disabled or removed
● Requires Device Encryption
● Deployed and activated via NFC
Device Owner
28. Device Administration API
● Via NFC NDEF Record with MIME Type MIME_TYPE_PROVISIONING_NFC and with properties:
Device Owner Deploy
REQUIRED CHECKSUM
A String extra holding the SHA-1 checksum of the file at download location specified in EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION. If this doesn't match the file at the download location an error will be shown to the user and the user will be asked to factory reset the device.
cat app-debug.apk | openssl dgst -binary -sha1 | openssl base64 | tr '+/' '-_' | tr -d '='
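The checksum and the properties carried in the NFC record, as an added host-side Java example (not code from the original slides). The package name, download URL and APK bytes are constructed placeholders; the constant values are those defined in the Android SDK's DevicePolicyManager.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Properties;

public class DeviceOwnerNfcPayload {
    // String values of the DevicePolicyManager constants used for NFC provisioning.
    static final String MIME_TYPE_PROVISIONING_NFC = "application/com.android.managedprovisioning";
    static final String EXTRA_PACKAGE_NAME =
            "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME";
    static final String EXTRA_DOWNLOAD_LOCATION =
            "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION";
    static final String EXTRA_CHECKSUM =
            "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM";

    /** SHA-1 of the APK bytes as URL-safe Base64 without padding, like the openssl pipeline. */
    static String checksum(InputStream apk) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] buf = new byte[8192];
        for (int n; (n = apk.read(buf)) != -1; ) {
            sha1.update(buf, 0, n);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(sha1.digest());
    }

    /** Serialises the provisioning properties in java.util.Properties text format. */
    static byte[] ndefPayload(String pkg, String url, String checksum) throws Exception {
        Properties p = new Properties();
        p.setProperty(EXTRA_PACKAGE_NAME, pkg);
        p.setProperty(EXTRA_DOWNLOAD_LOCATION, url);
        p.setProperty(EXTRA_CHECKSUM, checksum);
        StringWriter out = new StringWriter();
        p.store(out, "device owner provisioning");
        return out.toString().getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the APK; a real run would stream the APK file instead.
        byte[] apk = "constructed sample bytes, not a real APK".getBytes(StandardCharsets.UTF_8);
        String sum = checksum(new ByteArrayInputStream(apk));
        byte[] payload = ndefPayload("com.example.deviceowner",
                "https://mdm.example.com/app-debug.apk", sum);

        // Parse the record back and compare it with the file, before and after a change.
        Properties parsed = new Properties();
        parsed.load(new StringReader(new String(payload, StandardCharsets.UTF_8)));
        String expected = parsed.getProperty(EXTRA_CHECKSUM);
        boolean intactOk = expected.equals(checksum(new ByteArrayInputStream(apk)));
        apk[0] ^= 1; // a single flipped bit in the downloaded file
        boolean modifiedOk = expected.equals(checksum(new ByteArrayInputStream(apk)));

        System.out.println("MIME type: " + MIME_TYPE_PROVISIONING_NFC);
        System.out.println("checksum: " + sum);
        System.out.println("intact file matches: " + intactOk);
        System.out.println("modified file matches: " + modifiedOk);
    }
}
```

The checksum is the only value in the record that binds the NFC message to the exact APK bytes, so it should be computed from the build that is actually published at the download location.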
29. Device Administration API
● The device must not be provisioned yet: Settings.Global.DEVICE_PROVISIONED = 0
● Encrypted phone required
● "If provisioning fails, the device is factory reset"
Device Owner Activation
31. Managed Profile
● New security feature for enterprise: “managed profile”
● Available since Android Lollipop (API 21)
● Using a managed profile, the enterprise can define a controlled domain on the user's device to run controlled applications
● The applications inside the new managed profile can be configured by policy to interact or not with other apps on the device
● Samsung KNOX functionality has been integrated into Android
Introduction
32. Managed Profile
● A Technology platform for:
○ Business protection, and
○ Personal Privacy
● Google and Samsung have designed the new Enterprise API around three major concepts:
○ Device and data security
○ Support for IT policies and restrictions
○ Mobile application management
● It has been introduced into Android Lollipop
KNOX Framework
33. Managed Profile
● A device administration component
○ A broadcast receiver that extends “DeviceAdminReceiver”
● AndroidManifest with a receiver:
○ The BIND_DEVICE_ADMIN permission
○ Responds, through an intent-filter, to the ACTION_DEVICE_ADMIN_ENABLED intent
○ A declaration of security policies used in metadata
● An intent to start the managed profile provisioning process:
○ ACTION_PROVISION_MANAGED_PROFILE action
○ An extra with the application package
● Override the onProfileProvisioningComplete callback method to verify all is OK
● Enable the new managed profile
Have to use...
34. Managed Profile
● BasicDeviceAdminReceiver component
Broadcast Receiver
BroadcastReceiver of our provisioner application
Callback method will be called when the system sends ACTION_DEVICE_ADMIN_ENABLED. The new profile is installed but not yet enabled
35. Managed Profile
● AndroidManifest.xml declaration
AndroidManifest
To avoid abuse by other applications
Intercepted when the Managed Profile has successfully installed
Policy declaration
36. Managed Profile
Activation
Intent to start the setup (Defined in the DevicePolicyManager.java)
● Start the Managed Profile provisioning
The Application package name as additional information
Verify there is an activity that resolves intent (ManagedProvisonActivity)
Start activity by intent
37. ● The new Managed profile has to be enabled
Managed Profile
Enable the new profile
Enable the managed profile
Set name for new profile
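The provisioning steps from the "Have to use...", Activation and "Enable the new profile" slides, written out as an added Java example (not the code shown on the original slides). It builds against the Android SDK, API 21 or later; the request code and the profile name "Work" are assumptions.

```java
import android.app.Activity;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

/*
 * Manifest side, as listed on the slides: the <receiver> entry for this class carries
 * android:permission="android.permission.BIND_DEVICE_ADMIN", an intent-filter for
 * android.app.action.DEVICE_ADMIN_ENABLED and a meta-data element named
 * "android.app.device_admin" that points at the XML policy declaration.
 */
public class BasicDeviceAdminReceiver extends DeviceAdminReceiver {

    static final int REQUEST_PROVISION_MANAGED_PROFILE = 1; // arbitrary request code (assumption)

    /** Called from an Activity of the provisioner app, running in the personal profile. */
    static boolean startProvisioning(Activity activity) {
        Intent intent = new Intent(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE);
        intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME,
                activity.getPackageName());
        // Devices without managed-profile support have no activity for this action.
        if (intent.resolveActivity(activity.getPackageManager()) == null) {
            return false;
        }
        activity.startActivityForResult(intent, REQUEST_PROVISION_MANAGED_PROFILE);
        return true;
    }

    /** Runs inside the newly created profile, which exists but is not yet enabled. */
    @Override
    public void onProfileProvisioningComplete(Context context, Intent intent) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        // Stop here unless this package really is the owner of the profile.
        if (!dpm.isProfileOwnerApp(context.getPackageName())) {
            return;
        }
        ComponentName admin = new ComponentName(context, BasicDeviceAdminReceiver.class);
        // Apply restrictive policy first; this call needs <disable-camera/> in the
        // policy declaration, otherwise the system throws a SecurityException.
        dpm.setCameraDisabled(admin, true);
        dpm.setProfileName(admin, "Work");
        // Only now does the profile become visible and usable.
        dpm.setProfileEnabled(admin);
    }
}
```

Setting policy before `setProfileEnabled` means the user never sees the profile in an unrestricted state.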
38. Managed Profile
Managed profile activated
● New Accounts associated to the new managed profile (Settings->Accounts)
● The admin profile (Work) for the new Managed Profile (Settings->Security->Device administrators)
● The applications in the new Managed Profile are badged
40. Managed Profile
Enable Application
● Add new application into Managed Profile
Add the application by package name via DevicePolicyManager
Get info about app
Get reference at packageManager and DevicePolicyManager
41. Managed Profile
Hide Application
● During the life of the Managed Profile an application can be hidden by specifying the app package name
○ Only if the application is already installed can we hide the application
true to hide and false to un-hide
42. Managed Profile
● Enable and disable Intent forwarding between private account and managed profile
Cross Intent
Enable and disable intents between profiles
Share some content
44. Managed Profile
App restrictions
Configure some bookmarks
Disable anonymous navigation
Block www.example.com
Configure search engine
45. Managed Profile
● The application has to define a restrictions file and declare it in the Manifest file
Define App Restrictions
● Define the restriction items in the app_restriction.xml file
Declare external resource for restrictions
restriction element with key and type of value
46. Managed Profile
● Check current application’s restrictions
Check app restrictions
get current restrictions
get reference to RestrictionsManager
search restriction by key to take the appropriate action
47. Managed Profile
● Set application restriction via DevicePolicyManager
Set app restrictions
Builds a bundle with value for restriction
Apply application restriction with method setApplicationRestrictions
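The profile-owner calls from the Enable Application, Hide Application, Cross Intent and app restrictions slides, combined in one added Java example (not the code shown on the original slides). The package name `com.example.workbrowser`, the two restriction keys and the `unwantedPackage` parameter are hypothetical; real keys come from the managed app's restrictions XML.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.RestrictionsManager;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;

public final class WorkProfilePolicy {
    // Hypothetical managed app and restriction keys (assumptions for this example).
    static final String WORK_BROWSER = "com.example.workbrowser";
    static final String KEY_BLOCKED_HOSTS = "blocked_hosts";
    static final String KEY_PRIVATE_BROWSING = "private_browsing_allowed";

    /** Profile-owner side: runs in the admin app inside the managed profile. */
    static void apply(Context ctx, ComponentName admin, String unwantedPackage)
            throws PackageManager.NameNotFoundException, IntentFilter.MalformedMimeTypeException {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        PackageManager pm = ctx.getPackageManager();

        // Enable a system app in the profile only if it is not installed there yet.
        ApplicationInfo info =
                pm.getApplicationInfo(WORK_BROWSER, PackageManager.GET_UNINSTALLED_PACKAGES);
        if ((info.flags & ApplicationInfo.FLAG_INSTALLED) == 0) {
            dpm.enableSystemApp(admin, WORK_BROWSER);
        }
        // Hide an app that is installed in the profile but should not be usable.
        dpm.setApplicationHidden(admin, unwantedPackage, true);

        // Start from no forwarding at all, then open one narrow direction:
        // text shared from the personal (parent) profile may be handled by work apps,
        // while share intents sent inside the work profile stay in the work profile.
        dpm.clearCrossProfileIntentFilters(admin);
        IntentFilter share = new IntentFilter(Intent.ACTION_SEND);
        share.addDataType("text/plain");
        dpm.addCrossProfileIntentFilter(admin, share,
                DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT);

        // Build the restrictions bundle and push it to the managed app.
        Bundle restrictions = new Bundle();
        restrictions.putStringArray(KEY_BLOCKED_HOSTS, new String[] {"www.example.com"});
        restrictions.putBoolean(KEY_PRIVATE_BROWSING, false);
        dpm.setApplicationRestrictions(admin, WORK_BROWSER, restrictions);
    }

    /** Managed-app side: read the restrictions, using the strict value when the key is unset. */
    static boolean privateBrowsingAllowed(Context ctx) {
        RestrictionsManager rm =
                (RestrictionsManager) ctx.getSystemService(Context.RESTRICTIONS_SERVICE);
        Bundle current = rm.getApplicationRestrictions();
        return current != null && current.getBoolean(KEY_PRIVATE_BROWSING, false);
    }
}
```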
49. Data Encryption
● Encryption is the process of encoding user data on an Android device using an encrypted key
● New features in Android 5.0:
○ Fast encryption (only used blocks are encrypted on data partition)
○ forceencrypt flag to encrypt on first boot (Mandatory encryption at first boot)
○ Support for encryption without password
○ Hardware-backed storage of encryption key using Trusted Execution Environment
● Android introduced Disk encryption in Android version 3.0 and it has been available in all subsequent versions
● New key derivation function scrypt
Some info
50. Data Encryption
● Android disk encryption is based on dm-crypt (also used in Linux)
● Uses a randomly generated 128-bit key with AES in CBC mode
○ CBC requires an initialization vector (IV)
○ Android uses the encrypted salt-sector initialization vector (ESSIV) method with the SHA-256 hash algorithm (ESSIV:SHA256)
○ SHA256 is used to derive a key s, called the salt, from the disk encryption key K
○ The salt is used as the encryption key to encrypt the sector number SN of each sector, producing a per-sector IV
○ IV(SN)=AES-s(SN) where s=SHA256(K)
How it works
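The per-sector IV formula above, IV(SN)=AES-s(SN) with s=SHA256(K), as an added Java example (not code from the original slides). It assumes dm-crypt's encoding of the sector number as a 64-bit little-endian value zero-padded to one AES block, which the slide does not spell out; the key and the sector contents are constructed for the demonstration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EssivDemo {
    static final int SECTOR_SIZE = 512;

    /** IV(SN) = AES_s(SN), where s = SHA256(K) is the salt derived from the disk key K. */
    static byte[] essivIv(byte[] diskKey, long sectorNumber) throws Exception {
        byte[] salt = MessageDigest.getInstance("SHA-256").digest(diskKey);
        // Sector number as 64-bit little-endian, zero-padded to 16 bytes (assumed encoding).
        byte[] block = ByteBuffer.allocate(16).order(ByteOrder.LITTLE_ENDIAN)
                .putLong(sectorNumber).array();
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(salt, "AES")); // 32-byte salt: AES-256
        return aes.doFinal(block);
    }

    /** Encrypts one sector with AES-CBC under K, using the ESSIV for that sector. */
    static byte[] encryptSector(byte[] diskKey, long sectorNumber, byte[] plaintext)
            throws Exception {
        Cipher cbc = Cipher.getInstance("AES/CBC/NoPadding");
        cbc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(diskKey, "AES"),
                new IvParameterSpec(essivIv(diskKey, sectorNumber)));
        return cbc.doFinal(plaintext);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16];
        new SecureRandom().nextBytes(k);          // stand-in for the random 128-bit disk key K
        byte[] zeros = new byte[SECTOR_SIZE];     // constructed plaintext: an all-zero sector

        byte[] c0 = encryptSector(k, 0, zeros);
        byte[] c1 = encryptSector(k, 1, zeros);

        System.out.println("IV(0) = " + hex(essivIv(k, 0)));
        System.out.println("IV(1) = " + hex(essivIv(k, 1)));
        // Identical plaintext in two sectors must not produce identical ciphertext.
        System.out.println("sector 0 and 1 ciphertext equal: " + Arrays.equals(c0, c1));
    }
}
```

Because the IV is derived from a hash of K rather than from the bare sector number, it cannot be predicted by someone who knows only the sector layout.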
51. Data Encryption
● The master key is encrypted with 128-bit AES
● In the Android 5.0 release, four encryption states:
○ default, PIN, Password, Pattern
● Upon first boot the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt (default_password)
● The hash is signed through a TEE, which uses the hash to encrypt the master key
● When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored
How it works
52. Data Encryption
Securing disk encryption key
When the user sets a PIN/PASSWORD/PATTERN, another key K1 is chosen to encrypt the disk encryption key K