1 2 3 4 1
Market( ) Market 2
DB CVE : Common Vulnerability and Exposures (, MITRE ) Android 187 JVN : Japan Vulnerability Notes (JPCERT/CC, IPA ) Android 103 3
Jailbreak root zergrush exploit oneclick tool runme.bat Ø Root Root android PC usb runme.bat android zergrush exploit code root system remount su / busybox system SuperUsr.apk system reboot adb su command id superuser.apk get root!! runme.bat (root oneclick tool ) +files /adb.exe/busybox/su /superuser.apk/zergrush Ø runme.bat zergrush root root 4
PC** PC Market /data /system Jailbreak 5
1 2 3 4 6
Jailbreak root Step1: root Step2: OSroot Step3: rootsu 7
OS Security Spiced Android /system /system/bin su 8
SEAndroid Security Enhanced Android NSASELinux Android root root LinuxDAC: Discretionary Access Control rwx r-x r-x 755 /data/aaa.txt owner group other root = root SELinuxMAC: Mandatory Access Control) root 9
SEAndroid Disable ver4.2 SELinux Android4.3SEAndroid Permissive Mode ver4.3 dmesg or /data/misc/audit/audit.log Enforcing Mode ver4.4 AOSP* master branchenforcing Mode Android Open Source Project 10
KDDI Android ARMTPM 2012 Android ARMTPM Android OS Android(ARM), TPM 11
SIM SIM/UIM 3GSIM/UIM 12
2014ARM SIM/UIM Step5) Step4) SIM/ UIM Linuxinit Step 3) SIM/UIM Android Linuxinit Step 2) LinuxIntramfs SIM/UIM ROMBoot Loader Step 1) SIM/UIM SIM/UIM SIM/UIM ROMBoot Loader 13
SIM/UIMLinuxinitramfs Step 1 Step 2 Step 2 14
Root of Trust emmc ARM ROM Root of Trust SIM/UIM SIM/UIM SIM/UIM SIM/UIMTPMPCR ARMCPU SIM/UIM 15
SIM/UIM SIM/UIM ARM ARMSIM/UIM 16
Electric Control Unit ECU Micro Computing Unit MCUController Area Network CAN 1 2 3 4 17
?! H/W?! Micro Control Unit(MCU) 2020 NW 18
( ) (), () 2011 09 28 ( ) 39 http://www.takara-sign.com/r_blog_2011/s_images/2011-10-01-virus-001s.jpg 19
Renaissance / Renaissance MCU MCU Renaissance 20
Web AV CAN LIN RlexRay AVETC GW [] WiFi [] [] [] [(OEM)] 21
22
Electric Control Unit ECU Micro Computing Unit MCUController Area Network CAN 1 2 3 4 23
MCU CAN MCU MCU CAN MCU MCU ROM Root of TrustSecure RAM Secure ROM CAN MCU MCU Media Authentication Code MAC hash 24
MCU Web AV AVETC CAN LIN RlexRay GW MCU (1) MCU (2) MCU (3) CAN 25
Secure RAM/ROM Root of Trust MCU Root of Trust MCU (1) Root of TrustMUCMCU (2) MCUMCU (3) MCU 26
MCU MCU Root of TrustBoot Loader Secure ROM Secure RAM Step 0) ROMRoot of TrustBoot Loader Step 1) Boot LoaderFlash Step 2) Secure ROM Step 3) OKBoot Loader Step 4) Boot LoaderRAM HSBV850E2FG4-LCPU 60MHz CPU:TOPPERS/ATK2-SC1 1.3.0 110msec 60KB 27
MCU FL-850/F1L-176-S http://www.tessera.co.jp/fl/f1l-176.html MCU RH850F1L http://japan.renesas.com/products/ mpumcu/rh850/rh850f1x/rh850f1l/index.jsp CubeSuite+ for V850 http://www.digikey.jp/product-search/ja?vendor =0&keywords=CUBESUITE+for+V850 OS TOPPERS ATK2-SC1 RH850 https://www.toppers.jp/atk2-download.html 28
MCU MCU MCUMCU MCUMCU 29
MAC CAN RAM MAC 30
MAC CAN CAN MCU MAC hash MACCANLayer3 CRCLayer2 MAC Inter Frame Space CAN-L2SEC type1 Standard Format (ID 11 bit) Data Frame Inter Frame Space Recessive CRC Delimiter ACK Delimiter idle S O F ID RTR Control Field Data Field 0-8 Bytes CRC MAC ACK Slot E O F ITM idle Dominant 1 11 1 6 0 64 15 1 1 1 7 3 IV 64 IDE r d3 d2 d1 d0 Data Length Code / DLC 0 0 Reserved HMAC Data 31
MCU TT-01 MCU GW 32 MCUCAN (1) MCU (2) MCU (3) CAN