The document discusses porting TOMOYO Linux, a MAC implementation for Linux, to the Android platform. It describes patching the Android kernel with the TOMOYO patch, adapting the TOMOYO policy tools for embedded use, and integrating a TOMOYO policy loader into the Android boot process. Key challenges addressed include splitting security domains given Android's "fork vs exec" app launching approach and using TOMOYO's conditional ACLs to work with Android's existing DAC permissions. A demo is provided of remote management of Android policies using the TOMOYO tools.
Demian Neidetcher's presentation to the Denver Open Source Users Group on the Android mobile phone platform. Full details and source code available at http://neidetcher.com/android.html
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)Toshiharu Harada, Ph.D
TOMOYO Linux is a MAC (Mandatory Access Control) implementation which gives support to protect Linux systems as well as to learn, understand and analyze system behavior. Being lightweight, it results suitable for embedded systems too. This tutorial aims to show in a practical way how to make the best use of TOMOYO Linux potentials in order to study and protect embedded Linux systems, taking Android as a specific study case. Though Android is amazingly expanding its target to various kinds of devices, it was designed mainly for mobile phones. Then, unlike other embedded operating systems, it presents some peculiar characteristics which require a particular attention to apply MAC effectively. The session is directed to those who want to learn how to use TOMOYO Linux, to managers or developers interested in security concerning embedded Linux and Android, and even to anyone just wishing to take a closer glance at Android internals.
The document discusses the Dalvik virtual machine (VM) used in Android. It begins by explaining what a VM is and the basic parts that make up a VM. It then discusses the differences between stack-based and register-based VMs, noting that Dalvik uses a register-based architecture. The document explains that Dalvik was chosen for Android because it executes instructions more efficiently than Java VM and requires less memory. It also discusses just-in-time (JIT) compilation techniques used to improve performance of interpreted code. Specifically, Dalvik uses a trace JIT that compiles short sequences of instructions to optimize mobile performance.
Inside Android's Dalvik VM - NEJUG Nov 2011Doug Hawkins
In this presentation, Doug Hawkins will discuss how the Dalvik VM is different from traditional Java VMs and the motivations behind those differences. Along the way, you'll learn about Android's service architecture, Dalvik's byte code format, and the surprising details of how Android installs, launches, and executes applications.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Android is NOT just 'Java on Linux'.
Android uses Linux kernel. But only kernel. I show you how different Android is from normal Linux systems.
Visit this page.
http://kobablog.wordpress.com/2011/05/22/android-is-not-just-java-on-linux/
Demian Neidetcher's presentation to the Denver Open Source Users Group on the Android mobile phone platform. Full details and source code available at http://neidetcher.com/android.html
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)Toshiharu Harada, Ph.D
TOMOYO Linux is a MAC (Mandatory Access Control) implementation which gives support to protect Linux systems as well as to learn, understand and analyze system behavior. Being lightweight, it results suitable for embedded systems too. This tutorial aims to show in a practical way how to make the best use of TOMOYO Linux potentials in order to study and protect embedded Linux systems, taking Android as a specific study case. Though Android is amazingly expanding its target to various kinds of devices, it was designed mainly for mobile phones. Then, unlike other embedded operating systems, it presents some peculiar characteristics which require a particular attention to apply MAC effectively. The session is directed to those who want to learn how to use TOMOYO Linux, to managers or developers interested in security concerning embedded Linux and Android, and even to anyone just wishing to take a closer glance at Android internals.
The document discusses the Dalvik virtual machine (VM) used in Android. It begins by explaining what a VM is and the basic parts that make up a VM. It then discusses the differences between stack-based and register-based VMs, noting that Dalvik uses a register-based architecture. The document explains that Dalvik was chosen for Android because it executes instructions more efficiently than Java VM and requires less memory. It also discusses just-in-time (JIT) compilation techniques used to improve performance of interpreted code. Specifically, Dalvik uses a trace JIT that compiles short sequences of instructions to optimize mobile performance.
Inside Android's Dalvik VM - NEJUG Nov 2011Doug Hawkins
In this presentation, Doug Hawkins will discuss how the Dalvik VM is different from traditional Java VMs and the motivations behind those differences. Along the way, you'll learn about Android's service architecture, Dalvik's byte code format, and the surprising details of how Android installs, launches, and executes applications.
This presentation covers the working model about Process, Thread, system call, Memory operations, Binder IPC, and interactions with Android frameworks.
Android is NOT just 'Java on Linux'.
Android uses Linux kernel. But only kernel. I show you how different Android is from normal Linux systems.
Visit this page.
http://kobablog.wordpress.com/2011/05/22/android-is-not-just-java-on-linux/
The document discusses LLVM and its use in building programming language compilers and runtimes. It provides an overview of LLVM, including its core components like its intermediate representation (IR), optimizations, and code generation capabilities. It also discusses how LLVM is used in various applications like Android, browsers, and graphics processing. Examples are given of using Clang and LLVM to compile and run a simple C program.
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveBin Chen
SurfaceFlinger is a vital system service in Android system, responsible for the composting all the application and system layer and displaying them. In this slide,we looked in detail how surfaceFlinger was designed from Design Pattern's perspective.
Presentation at Android Builders Summit 2012.
Based on the experience of working with ODM companies and SoC vendors, this session would discuss how to figure out the performance hotspot of certain Android devices and then improve in various areas including graphics and boot time. This session consists of the detailed components which seem to be independent from each other in traditional view. However, the situation changes a lot in Android system view since everything is coupled in a mass. Three frequently mentioned items in Android engineering are selected as the entry points: 2D/3D graphics, runtime, and boot time. Audience: Developers who work on Android system integration and platform enablement.
Linaro's mission is to make it easier and quicker for ARM partners to deploy the latest technology into optimized Linux based products. This presentation covers the basic work from Linaro Android platform team.
The document discusses operating system security and introduces TOMOYO Linux as an access control mechanism for Linux that can restrict administrator privileges and limit the damage caused by stolen devices or exploited vulnerabilities. It explains that TOMOYO Linux tracks process executions to generate security policies and allows administrators to view process histories to define access control rules. The presentation also provides an overview of SELinux and concludes with an announcement of a demonstration of TOMOYO Linux's policy learning mode capabilities.
The document discusses and compares Dalvik VM and Java VM. It states that Dalvik VM is used in Android and executes optimized .dex files and Dalvik bytecodes, while Java VM executes .class files. It also mentions that Dalvik VM uses register-based architecture while Java VM uses stack-based architecture. The document further discusses advantages of Dalvik VM like minimal memory footprint and how .class files are converted to .dex files. It provides comparisons between key aspects of both VMs.
Binder IPC allows processes to communicate by sharing common interface definitions. A client obtains a local proxy object and invokes methods which are translated to calls on a remote service object via the binder driver. Services register with the ServiceManager and clients obtain remote service objects by name. Calls involve parceling requests into ioctl calls between proxy helpers and remote helpers.
In this presentation, the unaware or indirect applications of essential computer science concepts are dicussed as showcase. Jim Huang presented in Department of Computer Science and Engineering, National Taiwan University.
Presentation at FreedomHEC 2012 Conference. 0xlab extends DMTCP (Distributed Multi-Threaded CheckPointing) to enable Android checkpointing, which leads to resume to stored state for faster Android boot time and make better product field trial experience.
This document discusses using GDB to relearn C programming. It provides background on using GDB to debug a simple embedded Ajax system called eServ. Key steps outlined include downloading and compiling eServ, using basic GDB commands like run, break, list, and next to observe the program's execution and set breakpoints. The goal is to analyze the system and gain skills in UNIX system programming development.
The document discusses developing a community-based Android distribution and upstreaming experience. It describes building an enhanced Android distribution called 0xdroid to address performance and usability issues encountered in the Android Open Source Project (AOSP). The goals are to contribute improvements back to AOSP and other community projects like CyanogenMod and Android-x86. Key aspects covered include hardware enablement, usability fixes, performance optimizations, new features, and strategies for submitting changes upstream.
Linux uses /proc/iomem as a "Rosetta Stone" to establish relationships between software and hardware. /proc/iomem maps physical memory addresses to devices, similar to how the Rosetta Stone helped map Egyptian hieroglyphs to Greek and decode ancient Egyptian texts. This virtual file allows the kernel to interface with devices by providing address translations between physical and virtual memory spaces.
The document discusses how Java code runs on the Android operating system without requiring a Java runtime environment. It explains that Android uses its own virtual machine called Dalvik, which was developed based on the Apache Harmony project. Dalvik converts Java bytecode into a .dex file format and then interprets the dex files instead of using a standard Java virtual machine. This allows Android to run Java code in its own customized way without infringing on Java's intellectual property.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Containers, Docker, and Security: State of the Union
This document discusses the past, present, and future of container security with Docker. It summarizes that container isolation used to be a major concern but improvements have been made through finer-grained permissions and immutable containers. Image provenance is now a bigger issue but techniques like Docker Content Trust (Notary) help address it. Defense in depth with both containers and VMs is recommended. The security of containers continues to improve through practices like better upgrades, security benchmarks, and policies.
(1) Pick up one Android phone and discover its internals
(2) Learn how to select the "weapons" to fight with
Android system facilities
(3) Skipping Java parts, we focus on the native area:
dynamic linking, processes, debugger, memory
layout, IPC, and interactions with frameworks.
(4) It is not comprehensive to familarize Android. The
goal is to utilize Android platforms, which are the
popular and powerful development devices to us.
Android. behind the scenes_programatica 2012Agora Group
The document provides an overview of the Android initialization process and application launch sequence. It discusses how QEMU can be used to emulate Android applications on x86 platforms by intercepting forks or running a second emulated zygote process. It also describes the init system and init.rc file that starts core system services like ril-daemon, zygote, and media server. Finally, it outlines the steps involved in an application launch, from the activity manager sending an intent to the launched activity's onCreate() method being called.
Google released the Android mobile operating system in 2007. Android is an open source software stack that includes an operating system, middleware and key applications. It uses the Linux kernel and is developed using the Java programming language. The Android software architecture includes components like the Dalvik virtual machine, application framework, libraries and core applications. Developers can create applications using the Android SDK that will run within the Android environment on mobile devices.
The document discusses LLVM and its use in building programming language compilers and runtimes. It provides an overview of LLVM, including its core components like its intermediate representation (IR), optimizations, and code generation capabilities. It also discusses how LLVM is used in various applications like Android, browsers, and graphics processing. Examples are given of using Clang and LLVM to compile and run a simple C program.
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveBin Chen
SurfaceFlinger is a vital system service in Android system, responsible for the composting all the application and system layer and displaying them. In this slide,we looked in detail how surfaceFlinger was designed from Design Pattern's perspective.
Presentation at Android Builders Summit 2012.
Based on the experience of working with ODM companies and SoC vendors, this session would discuss how to figure out the performance hotspot of certain Android devices and then improve in various areas including graphics and boot time. This session consists of the detailed components which seem to be independent from each other in traditional view. However, the situation changes a lot in Android system view since everything is coupled in a mass. Three frequently mentioned items in Android engineering are selected as the entry points: 2D/3D graphics, runtime, and boot time. Audience: Developers who work on Android system integration and platform enablement.
Linaro's mission is to make it easier and quicker for ARM partners to deploy the latest technology into optimized Linux based products. This presentation covers the basic work from Linaro Android platform team.
The document discusses operating system security and introduces TOMOYO Linux as an access control mechanism for Linux that can restrict administrator privileges and limit the damage caused by stolen devices or exploited vulnerabilities. It explains that TOMOYO Linux tracks process executions to generate security policies and allows administrators to view process histories to define access control rules. The presentation also provides an overview of SELinux and concludes with an announcement of a demonstration of TOMOYO Linux's policy learning mode capabilities.
The document discusses and compares Dalvik VM and Java VM. It states that Dalvik VM is used in Android and executes optimized .dex files and Dalvik bytecodes, while Java VM executes .class files. It also mentions that Dalvik VM uses register-based architecture while Java VM uses stack-based architecture. The document further discusses advantages of Dalvik VM like minimal memory footprint and how .class files are converted to .dex files. It provides comparisons between key aspects of both VMs.
Binder IPC allows processes to communicate by sharing common interface definitions. A client obtains a local proxy object and invokes methods which are translated to calls on a remote service object via the binder driver. Services register with the ServiceManager and clients obtain remote service objects by name. Calls involve parceling requests into ioctl calls between proxy helpers and remote helpers.
In this presentation, the unaware or indirect applications of essential computer science concepts are dicussed as showcase. Jim Huang presented in Department of Computer Science and Engineering, National Taiwan University.
Presentation at FreedomHEC 2012 Conference. 0xlab extends DMTCP (Distributed Multi-Threaded CheckPointing) to enable Android checkpointing, which leads to resume to stored state for faster Android boot time and make better product field trial experience.
This document discusses using GDB to relearn C programming. It provides background on using GDB to debug a simple embedded Ajax system called eServ. Key steps outlined include downloading and compiling eServ, using basic GDB commands like run, break, list, and next to observe the program's execution and set breakpoints. The goal is to analyze the system and gain skills in UNIX system programming development.
The document discusses developing a community-based Android distribution and upstreaming experience. It describes building an enhanced Android distribution called 0xdroid to address performance and usability issues encountered in the Android Open Source Project (AOSP). The goals are to contribute improvements back to AOSP and other community projects like CyanogenMod and Android-x86. Key aspects covered include hardware enablement, usability fixes, performance optimizations, new features, and strategies for submitting changes upstream.
Linux uses /proc/iomem as a "Rosetta Stone" to establish relationships between software and hardware. /proc/iomem maps physical memory addresses to devices, similar to how the Rosetta Stone helped map Egyptian hieroglyphs to Greek and decode ancient Egyptian texts. This virtual file allows the kernel to interface with devices by providing address translations between physical and virtual memory spaces.
The document discusses how Java code runs on the Android operating system without requiring a Java runtime environment. It explains that Android uses its own virtual machine called Dalvik, which was developed based on the Apache Harmony project. Dalvik converts Java bytecode into a .dex file format and then interprets the dex files instead of using a standard Java virtual machine. This allows Android to run Java code in its own customized way without infringing on Java's intellectual property.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Containers, Docker, and Security: State of the Union
This document discusses the past, present, and future of container security with Docker. It summarizes that container isolation used to be a major concern but improvements have been made through finer-grained permissions and immutable containers. Image provenance is now a bigger issue but techniques like Docker Content Trust (Notary) help address it. Defense in depth with both containers and VMs is recommended. The security of containers continues to improve through practices like better upgrades, security benchmarks, and policies.
(1) Pick up one Android phone and discover its internals
(2) Learn how to select the "weapons" to fight with
Android system facilities
(3) Skipping Java parts, we focus on the native area:
dynamic linking, processes, debugger, memory
layout, IPC, and interactions with frameworks.
(4) It is not comprehensive to familarize Android. The
goal is to utilize Android platforms, which are the
popular and powerful development devices to us.
Android. behind the scenes_programatica 2012Agora Group
The document provides an overview of the Android initialization process and application launch sequence. It discusses how QEMU can be used to emulate Android applications on x86 platforms by intercepting forks or running a second emulated zygote process. It also describes the init system and init.rc file that starts core system services like ril-daemon, zygote, and media server. Finally, it outlines the steps involved in an application launch, from the activity manager sending an intent to the launched activity's onCreate() method being called.
Google released the Android mobile operating system in 2007. Android is an open source software stack that includes an operating system, middleware and key applications. It uses the Linux kernel and is developed using the Java programming language. The Android software architecture includes components like the Dalvik virtual machine, application framework, libraries and core applications. Developers can create applications using the Android SDK that will run within the Android environment on mobile devices.
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...Mathias Seguy
Cette présentation a été donnée à l'Eclipse Day Toulouse 2012 par Android2EE - Mathias Seguy (1/2h).
L’objectif est de présenter l'utilisation du plugin Android pour eclipse, en particulier la Vue DDMS. Cette présentation se finit par la mise en place de la chasse d'une fuite mémoire dans un programme Android avec l'utilisation du Heap dump et du plugin MAT d'eclipse (Memory analysis Tool).
Cette présentation est une présentation d’Android2EE, entreprise spécialisée dans l’expertise, le consulting et la formation Android. Vous souhaitez apprendre la programmation Android, Android2EE vous accompagne au-travers ses EBooks ou ses formations.
Laissez moi vous raconter mon histoire concernant cette entreprise. En 2010, je me suis penché sur la technologie Android, j’ai écrit trois EBooks sur l’art de la programmation Android (disponible sur Android2EE). J’ai quitté ma précédente entreprise et j’ai créé l’entreprise Android2EE (Android To Enterprise Edition) dont l’objectif est la formation, l’expertise et le consulting Android. J’ai quelques contrats en tant que consultant et aussi en tant que formateur. J’ai monté un ensemble de formations Android pour les entreprises:
Formation Initiale : Devenir autonome (3j).
Formation Approfondissement (2j).
Formation Spécificité Tablette et Graphisme(2j).
Formation Applications complexes (2j).
Formation chef de projet - responsable technique (1j).
Formation Mutlimédia (2j).
Formation sur mesure (2 à 3j).
Je pratique ces formations en donnant des cours dans les universités et les écoles d’ingénieurs de Toulouse ainsi que dans de grandes conférences Java:
CESI-EXIA, EPITECH, Sup-Info, IUP ISI, InfoSup, IUP SI, IUP ISI, IngeSup, INSA
Et bien sûr: Devoxx France (LA conférence Java française de 2012), Mercredi 18 Avril 2012,
Et
JCertif Afrique 2012 (LA conférence Java du continent Africain) Septembre 2012 Conférence et Cours
Enfin, j’ai investi l’espace numérique, voici quelques uns des ces sites:
http://www.android2ee.com/
http://mathias-seguy.developpez.com/
http://blog.developpez.com/android2ee-mathias-seguy/
http://android2ee.blogspot.com/
La critique de mon livre « Android A Complete course » par developpez.com (dont je ne suis pas peu fier, quand même):
http://android.developpez.com/livres/#L9791090388000
J’ai des articles sur Developpez.com concernant Android.
Ah oui, j’oubliais, mon cv se trouve ici (si jamais) : http://mathias-seguy.developpez.com/MathiasSeguyCV201106/
Rococo Software is a leading provider of Java/Bluetooth products and services. It founded in 2000 and has 10 employees. Its main products are an Impronto Simulator for developing Bluetooth apps without hardware, an Impronto Development Kit for deploying apps to devices, and an Impronto Technology Licensing Kit for manufacturers. Rococo was involved in defining the JABWT/JSR-82 Java Bluetooth API standard and its products support this standard.
BP207 - Meet the Java Application Server You Already Own – IBM DominoSerdar Basegmez
This document discusses preparing the runtime and development environments for DOTS (Domino OSGi Tasklet Service) on IBM Domino. It describes copying necessary JAR files and executable files to directories within the Domino program folder to prepare the runtime environment. It also mentions that the Eclipse IDE is needed for developing DOTS tasklets as OSGi bundles, and steps will be provided for configuring Eclipse to develop plugins that can run on the Domino OSGi environment.
In this presentation, Jeremy Schulman provides a deep dive into the integration between Puppet and Junos. Included is an overview of how they work together to simplify network management, and it also includes configurations for operators to leverage.
Video automation testing is important at Skype. Continuous integration helps build, test, and provide feedback continuously across different platforms. Unit, component, and system tests are written by both developers and quality engineers. Cross-platform testing utilizes a CI team and framework to run tests on various devices and analyze results. Non-functional requirements like quality metrics are also tested and evaluated to ensure the best possible video call quality.
Video automation testing is important at Skype. Continuous integration helps build, test, and provide feedback continuously across different platforms. Unit, component, and system tests are written by both developers and quality engineers. Cross-platform testing utilizes a CI team and framework to run tests on various devices and analyze results. Non-functional requirements like quality metrics are also tested and evaluated to ensure the best possible video call quality.
Nokia Qt SDK in action - Qt developer days 2010Nokia
Presentation for Qt developer days 2010 in Munich covering the details of using Nokia Qt SDK and publishing the applications to Ovi store. Focusing on Symbian but covering the current status of maemo. Explains the Ovi Store Symbian Signing Service.
Vayavya Labs is a company that develops system level design tools and provides embedded design services. It has created DDGEN, the world's first automated device driver generator, which can significantly reduce the cost and efforts required for device driver development. DDGEN takes hardware specification files as input and generates fully functional device drivers and test code. It supports a range of device complexities and operating systems. Pilot results found DDGEN provided close to 200-300% reductions in time and effort for driver development.
ITECH Kenya presentation on OpenMRS Developers Forumdjazayeri
The document describes the first OpenMRS "Distribution", which is a packaged, pre-configured version of OpenMRS tailored for specific workflows. It includes OpenMRS 1.9, the MVP/CIEL concept dictionary, and modules for metadata sharing, HTML form entry, a UI framework, and the Kenya EMR module. The distribution allows consistent configuration across hundreds of healthcare facilities without needing hundreds of system administrators.
The document discusses new features and updates related to Linux on IBM System z mainframes, including:
- Support for newer Linux distributions and kernel versions.
- Core system improvements like address space randomization and breaking event handling.
- Enhanced I/O and networking features for DASD, FCP, QDIO, OSA, and z/VM integration.
- Tooling updates like performance monitoring and crash dumping support.
- Filesystem additions like CMSFS for z/VM minidisk access and Btrfs/ext4 changes in kernel 3.2.
Qt App Development for Symbian & MeeGo - v3.4.6 (17. January 2012)Andreas Jakl
Learn what Qt is all about, why it is important and what you can do with it! Includes an introduction to the Qt SDK, Qt Quick and the Qt Mobility APIs for development on Symbian and MeeGo Harmattan. Links to further resources help you to get an easy start!
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...Novell
LUM it or leave it! Join us in this session to explore the inner workings of Linux User Management. You'll learn about the architecture, configuration and implementation of Linux User Management on Novell Open Enterprise Server and SUSE Linux Enterprise Desktop. We'll also cover placement of LUM objects in a tree, services and tree design to enhance performance for LUM-enabled users, and LUM considerations when upgrading from NetWare to Linux.
Deep Dive into WinRT - discover how the Windows Runtime is based on COM, how asynchronous operations work, how language projections enable access from a variety of languages, and what performance considerations are relevant for interoperability.
Quickstart: Qt for Windows, Symbian and Maemo / Meego v2.0.8 (January 10th, 2...Andreas Jakl
Complete instructions on how to set up your development environment to develop using Qt and deploy with one click to Windows, Symbian, Maemo / MeeGo and the Qt Simulator. Based on the Nokia Qt SDK Beta.
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...Ian Choi
The document discusses security in virtualized cloud environments. It describes how traditional security appliances have limitations around cost and bandwidth. The proposed approach uses SDN to control distributed deep packet inspection (DPI) nodes to provide flexible, scalable security as a service. Diagrams show how OpenStack could integrate with SDN and DPI nodes to provide centralized security policy management across virtual machines on multiple compute nodes.
The document discusses the Qt Mobility APIs, which provide functionality for mobile applications to access device sensors, location data, contacts, and messaging. It introduces the Sensor, Location, Contacts, and Messaging APIs, describing their purposes and basic architectures. Code examples are provided for reading sensor data, retrieving location information, and managing contacts.
Jython for embedded software validationPyCon Italia
This document discusses using Jython for embedded software validation. It proposes a runtime plugin model using Jython that allows dynamic code loading and multithreaded execution. This enables extending test automation capabilities and reusable test code. The model is implemented using Jython embedded in Eclipse, providing benefits like cross-platform code and dynamic reloading while avoiding risks of mixed language development.
I've uploaded my own Japanese translation of Jos's speech at Stanford University at http://www.slideshare.net/haradats/youve-got-to-find-what-you-love-jobs-says.
If you treasure the original speech like I do, why don't you make and share your version in your language?
This kit is a LaTeX template including the speech text. All you need is replace "*Your*" with translations and compile.
Enjoy.
Hint:
To adjust the horizontal positions of paragraphs, \baselineskip is handy.
Note:
The original text which has been published at the Stanford University is slightly different from the spoken words. My guess is that Stanford text is based on Job's memo received from Jobs.
My own Japanese translation of the legendary Steven Jobs's speech at the Stanford university.
Browser version available in http://slides.com/haradats/deck#/
この翻訳および文書の作成は、2015年10月23日に芝浦工業大学で行った講義、「人生をより良く生きるためのプレゼンーション入門」の資料として作成したものです。
PDFファイルは下記でダウンロードできます。
http://www11.plala.or.jp/tsh/stanford.pdf
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses the advantages and disadvantages of label-based access control versus pathname-based access control. It notes that while label-based access control is robust against changes to pathnames and namespaces, the location and name of a file still have meaning in terms of how the system behaves and provides services. The document argues that restricting pathname changes is important for preventing unintended system behavior and maintaining system availability. It suggests that both label-based and pathname-based access controls are needed and that the LSM should support both.
TOMOYO Linux is an extension of the Linux kernel that adds process tracing capabilities. It automatically stores the "process invocation history" which shows how each process was created. This allows users to browse the entire process tree and see the relationships between running processes. The TOMOYO Linux policy editor provides a command line interface to view the stored process histories on a system and monitor actions caused by each process. TOMOYO Linux can help provide visibility into process activity and is maintained as an open source project with repositories of patched kernels and tools.
This document provides an introduction to securing Linux systems. It begins by explaining the types of exploits that can compromise Linux systems and gain root access. It then discusses how traditional Linux security methods like discretionary access controls (DAC) and firewalls are insufficient to prevent exploits. The document introduces mandatory access controls (MAC) as an enhancement that can restrict what programs are allowed to do even with root privileges. It emphasizes that MAC systems require security policies to define which accesses should be allowed or denied to provide protection while maintaining usability. The goal of secure Linux extensions is to grant necessary access according to policies while rejecting all other access attempts.
This document summarizes the key differences between SELinux and TOMOYO Linux access control systems. SELinux focuses on restricting programs based on security labels, while TOMOYO Linux focuses on restricting programs based on their process invocation history and parameters. The document argues that while label-based access control has limitations in guaranteeing information flow, TOMOYO Linux can help reinforce access control by restricting programs' actions and parameters within the kernel.
This document discusses the TOMOYO Linux access control system. It describes two versions of TOMOYO - version 1.6 which does not use Linux Security Modules (LSM) and version 2.2 which modifies TOMOYO to use LSM. The document then provides examples of how TOMOYO can provide access control based on file/directory names and parameters to address scenarios like restricting file uploads and executions. It argues that while label-based access control controls permissions, name-based controls like TOMOYO can address additional factors around how file contents are processed once in userspace.
The document proposes a method called "login authentication multiplexing" to strengthen login authentication security by enforcing multiple authentications rather than a single authentication. It involves placing extra authentication programs after the initial login that must be passed before accessing protected resources. This approach reduces vulnerabilities, allows flexible policies, and prevents damage until all authentications are passed. Practical issues like restricting shell access and remote access programs are also discussed.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
20240609 QFM020 Irresponsible AI Reading List May 2024
TOMOYO Linux on Android
1. TOMOYO Linux on Android
CE Linux Forum
Japan Technical Jamboree 28
Osaka, 2009/06/12
Giuseppe La Tona
giuseppelatona@gmail.com
Copyright (C) 2009 NTT Data Corporation Android Goodies image is reproduced from work created and shared by Google and
used according to terms described in the Creative Commons 2.5 Attribution License
2. About me…
• Master Degree in Computer Engineering
University of Catania (Italy), 2008
Università degli
– Exchange student in Linköping University (Sweden), 2007 Studi di Catania
• “Vulcanus in Japan” (Sep. 2008 – Aug. 2009)
programme of the EU-Japan Centre for Industrial Cooperation
– Industrial placement-oriented student exchange
– Scholarship offered by EU and Japanese METI
– Japanese language intensive course , cultural activities
– Internship in NTT Data Corporation (R&D)
(January-August 2009)
Learning and experiencing Japanese culture, lifestyle, working way!
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 2
3. About my internship…
• Secure OS group
– TOMOYO Linux project
• R&D:
– Study
• Mandatory Access Control (MAC)
• TOMOYO Linux
– Porting TOMOYO Linux to Android platform
– Analyze TOMOYO and MAC potentials on embedded Linux
Android Robot is reproduced from work created and shared by Google and used
according to terms described in the Creative Commons 2.5 Attribution License
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 3
4. TOMOYO Linux
• MAC implementation for Linux Operating Systems
– pathname-based approach
• It consists of:
– a kernel patch (ccspatch)
– a set of utilities (ccstools), for management and
security policy editing
• TOMOYO Linux 2.2.0 has just been merged in
Linux kernel 2.6.30 (10 June 2009)!
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 4
5. Android overview
• Full software stack for mobile devices
Java
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 5
6. Android kernel
• Linux Kernel 2.6 with some changes
– reduced set of standard Linux utilities ( toolbox)
– no support for glibc ( Bionic libraries)
– no standard IPC ( Binder, specific IPC driver)
– no native windowing system
– optimized Power Management
– Low memory killer, Alarm, Kernel Debugger, etc.
• Android SDK 1.5 r2 (May 2009)
– released with Linux Kernel 2.6.27
– higher versions being developed (2.6.29 is ready)
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 6
7. Android from boot to user (1/2)
adbd
vold (mount)
rild (radio) Runtime
debuggerd
installd init
init
Native Servers
…
Binder
init
init
Daemons servicemanager mediaserver zygote
init
Kernel
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 7
8. Android Runtime: Dalvik and Zygote
• Runtime is made by Java programs running in application
Dalvik: Virtual Machine for mobile devices
– slow CPU, small RAM, no swap space, battery
– Not a JVM, no JIT: only interpreter of DEX Dalvik VM
(optimized bytecode obtained from Java .class)
– Multiple VM instances can run efficiently.
• Zygote process: fork()
zygote
– first instance of Dalvik VM, partially initialized
– load preload classes and resources
to make applications start faster
– is kept always alive in idle state
When an application execution request occurs:
– zygote fork()s to a new process…
• …which loads the requested package
(Biology concept of “zygote”: duplicate, specialize and differentiate)
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 8
9. Android from boot to user (2/2)
service manager
service manager service manager
service manager
System Services Applications
Home
systemserver
Dalvik VM
Dalvik VM
adbd Dalvik VM
Dalvik VM
vold (mount)
registration
rild (radio) GUI
Runtime
debuggerd
installd init
init
Native Servers
… fork()
Binder
init
init
Daemons servicemanager mediaserver zygote
init exec()
fork()
Dalvik
Kernel specialization
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 9
10. Android security model
• Each application runs in its own process
– Runtime in separate instances of Dalvik virtual machine
• Each process is a “secure sandbox”
– Linux Discretionary Access Control (DAC) for file access: all
applications are assigned a unique UID (constant)
• UID for system services are hard-coded
• UID for user packages are progressively assigned at install-time, starting
from uid 10000 (and mapped to app_0, app_1, …); they are saved in a file
are maintained constant during the life of the package on the device.
• Application specific files are saved in /data/data in
separate folders owned by specific UID users
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 10
11. Porting TOMOYO Linux to Android
• Patching Android kernel with TOMOYO patch
• Adapting TOMOYO ccstools for embedded purposes
• Cross-compiling for Android
• Integrating TOMOYO Policy Loader in Android boot
• TOMOYO policy files location
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 11
12. TOMOYO Linux versions
There are 2 main development lines:
- non-LSM (versions 1.6.x)
- provides full functionalities of pathname-based MAC
(MAC for files, network, capabilities…)
- mainline (version 2.2.0)
- uses Linux Security Modules (LSM)
- necessary hooks available from Linux kernel 2.6.29
- subset of MAC functionalities (only for files, so far)
- currently developing the others to use LSM
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 12
13. Patching Android kernel
• TOMOYO Linux 1.6.8 (non-LSM version)
• Emulator (no real Android device available)
Linux kernel version: Goldfish v2.6.29
– “Goldfish” is the given to the ARM architecture
emulated by Android SDK Emulator
• ccspatch 1.6.8 (2009/05/28) for kernel vanilla v2.6.29
TOMOYO Linux
Kernel
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 13
14. Adapting ccstools (1/2)
Since version 1.6.7, ccstools has been enhanced
with Network mode, to support editing policy via TCP
connection
$ ccs-editpolicy <IP>:<port>
In the case of embedded systems, this is more
convenient for developing policies and debugging.
Using the policy editor from the embedded device
is generally not required.
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 14
15. Adapting ccstools (2/2)
Only few utilities are actually useful on the device:
loadpolicy, savepolicy, setprofile, ccstree, make_alias.
Other tools would also need porting C libraries missing
ccstools version for Android:
• Reduced the size and the complexity of these utilities
removing the unnecessary code
• Introducing editpolicy-agent daemon to allow network
mode communication
This ccstools version could actually be suitable for other
embedded Linux systems as well.
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 15
16. Cross-compiling for Android
• C libraries used by Android: Bionic
– no glibc
• Toolchain
– suite of cross-compilers for different architectures
• agcc (Perl script by Andrew Ross http://plausible.org/andy/agcc)
– simple gcc-like front-end to compile C programs for Android
– links Android libraries (needs Android source)
– uses the appropriate cross-compiler from the Android
Toolchain
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 16
17. Modifying Android boot
init
init
Native Servers
Binder
init
init
Daemons servicemanager mediaserver zygote
init
Kernel
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 17
18. Modifying Android boot
It is required in order to:
• start TOMOYO Policy Loader /sbin/ccs-init, via /sbin/ccs-start (*)
• launch agent for editing policy remotely
/sbin/ccs-editpolicy-agent
zygote
mediaserver
Daemons
Daemons
/sbin/ccs-init Editpolicy Agent Daemons servicemanager
3
Policy
Loader
init
2
* 1
TOMOYO Linux
Kernel
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 18
19. TOMOYO policy files location (1/2)
• /data/ccs/ (at the moment)
• /data is…
– …a readwrite partition
– …allowed to be empty at Android boot time
– …supposed to be wiped off if Android device is
reset to factory default state
Not a safe place for security policy files?
– a reset would delete them!
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 19
20. TOMOYO policy files location (2/2)
A possible solution: split policy files for…
• prebuilt firmware applications
in /system readonly partition (i.e. /system/ccs)
• other applications downloaded/installed later
in /data readwrite partition (i.e. /data/ccs)
– application-specific policies could be saved at
application install-time, in /data
– any eventual reset will wipe off those policies, but the
related applications as well.
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 20
21. TOMOYO Linux on Android
• Analyzing Android processes and domains
• Problem of Zygote “fork vs exec” approach
• Splitting domains in Android runtime
• Enforcing policy
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 21
22. Domain transition tree
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 22
23. Process tree
ccs-ccstree: command showing process tree with relative security domains and profiles
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 23
24. Process tree
ccs-ccstree:
servicemanager
init
init
Daemons
mediaserver
zygote service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 24
25. Problem of splitting domains
• The applications are executed with different UID (i.e.: root,
system, app_#, …) and different process name, but…
ps:
service manager
service manager
Applications
System Server
• …they are all fork()ed from app_process!
ccs-ccstree:
Dalvik VM
Dalvik VM
Dalvik VM
fork()
zygote
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 25
26. Problem of splitting domains
• New and unexpected
situation for TOMOYO Linux
• In TOMOYO Linux,
domain transitions occur
after process invocation, that
is execve(), not fork()
Splitting domain
<kernel> /system/bin/app_process
in different domains
according to each single
application is impossible. . . ?
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 26
27. Problem of splitting domains
<kernel> /system/bin/app_process
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 27
28. An example
We want to allow the Browser to connect to Internet.
In this way any process running under “<kernel> /system/app/process”
domain would be allowed to open TCP connection on any IP, port 80.
least-privilege principle violated
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 28
29. Solution
• TOMOYO Linux allows conditional ACL
• Using task UID as a condition, for access grant.
app_1 811 586 132256 31548 ffffffff afe03e4 S com.android.browser
UID=10001
In this way only the task with UID=10001 (browser) will be able to connect
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 29
30. TOMOYO’s MAC and Android DAC
• Android security rule: data files of one application should be
prevented from being accessed by other applications
• This is performed by using DAC permissions, as said before
• TOMOYO can provide with conditional ACL a further insurance
that this rule is respected, especially in cases when:
– DAC permissions are poorly configured
– root process (zygote) would be hijacked
allow_read/write @APP_DATA_FILE if task.uid=path1.uid
allow_unlink @APP_DATA_FILE if task.uid=path1.uid
allow_mkdir @APP_DATA_DIR if task.uid=path1.parent.uid1
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 30
31. TOMOYO’s MAC and Android DAC
• DAC’s ability to restrict by UID has a low granularity: only
“owner”, “group”, “others”.
• TOMOYO, on the other hand, allows minimal and
customizable permissions to any group of specific UIDs.
• Example: users are app_1, app_2, app_3, app_4; some files
owned by app_2 (uid=10002) need to be accessed by app_1
(uid=10001) also, but not by all the “others”.
allow_read/write @SOME_FILES if task.uid=10001-10002
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 31
32. DEMO
• Remote management of Android + TOMOYO Linux
– ccstools
• “<kernel> /system/bin/app_process” domain policy
• Enforcing MAC with conditional ACL
– browser, application data, …
• Support for symbolic links
– toolbox
– makealias
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 32
33. Some numbers
Android kernel +
Android kernel impact
TOMOYO 1.6.8
1,397,200 1,440,616
Kernel zImage size about 43 KB
Bytes Bytes
Kernel memory 93856 KB 93772 KB
84 KB
usage (total=96MB) available after boot available after boot
Policy handling 32768 Bytes about 33 KB
- (with access logs (with access logs
memory usage
221952 Bytes) about 222 KB)
• TO DO: Benchmark!
to measure all the overhead caused by TOMOYO Linux
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 33
34. Some possible scenarios
• MAC for Android devices
– Protection for vulnerabilities
– Effective containment of malicious attacks
• Function restriction
– Limited network access
(specific sites, applications)
– Package Installing/Uninstalling ability
• Enterprise employee portable devices
• User smartphones, netbooks, …
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 34
35. Conclusions
• TOMOYO Linux successfully working on Android
• MAC enforced for system services and user applications
• Solution proposed with the minimum modifications in
both Android and TOMOYO Linux
– no changes in Android kernel source code, beside the TOMOYO patch
– no changes in Android userland applications, except adding TOMOYO
management tools
– no changes in TOMOYO Linux patch
– enhancements to TOMOYO Linux tools for embedded purposes
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 35
36. Conclusions
• Ideas and plans for future works
– Benchmarking
– Porting and testing TOMOYO Linux to other
embedded Linux systems
• Call For Collaboration!
Discuss and confronting with you is essential to improve
and develop new ideas. We need your help
We would be glad to receive any form of feedback:
questions, comments, critics, proposals!
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 36
38. CE Linux Forum Japan Technical Jamboree 28 2009/06/12
Thank you for listening
ご静聴どうもありがとうございました
TOMOYO is a registered trademark of NTT DATA CORPORATION in Japan.
Linux is a trademark of Linus Torvalds.
Other names and trademarks are the property of their respective owners.
TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 38