NSA releases security-enhanced version of Android

The National Security Agency's version of Android provides better access-control policies

The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.

SE Android is based on NSA's previous research into mandatory access controls that gave birth to the Security-Enhanced Linux project back in 2000. SE Linux is a collection of Linux kernel security modules and other tools that provide a flexible mechanism for restricting what resources users or applications can access.

Over the years, most of the low-level SE Linux modifications were merged into the official Linux kernel and they were also ported to Solaris and FreeBSD.

The NSA revealed its plan to port SE Linux to Android as part of a new project called SE Android at the Linux Security Summit last year. The first version was released on January 6.

One of the main things that SE Android is trying to improve is Android's application security model, which is based on the default Linux discretionary access control (DAC). Under DAC, an application run by a particular user has access to all of the files and resources accessible to that user.

However, under the mandatory access control (MAC) model implemented by SE Linux and now SE Android, the resources available to an application can be restricted to whatever is defined in a policy, regardless of the user's permissions on the system. Because of this, SE Android can be used to confine privileged services and limit the damage that attackers can do if they exploit vulnerabilities.
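The difference between the two models can be sketched as a toy access decision. This is an added example, not code from the SE Android project: the domain and type labels, the policy table and the function names are all constructed for illustration, and group permission bits are left out to keep it short.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # MAC label of the process (constructed)

@dataclass(frozen=True)
class File:
    owner: int
    mode: int     # Unix permission bits, e.g. 0o600
    type: str     # MAC label of the file (constructed)

PERM_BITS = {"read": 4, "write": 2}

def dac_allows(proc, f, perm):
    """Discretionary check: uid 0 bypasses it, others use owner/other bits."""
    if proc.uid == 0:
        return True
    shift = 6 if proc.uid == f.owner else 0   # group bits omitted
    return bool((f.mode >> shift) & PERM_BITS[perm])

# Constructed allow-list: (process domain, file type) -> permitted operations.
# Any pair or operation not listed is denied, whatever the uid.
POLICY = {
    ("vold_domain", "block_device"): {"read", "write"},
    ("vold_domain", "sdcard_file"): {"read", "write"},
    ("app_domain", "app_data"): {"read", "write"},
}

def mac_allows(proc, f, perm):
    return perm in POLICY.get((proc.domain, f.type), set())

def access(proc, f, perm, mac_enforcing=True):
    """Both checks must pass; the MAC policy is consulted even for uid 0."""
    if not dac_allows(proc, f, perm):
        return "denied by DAC"
    if mac_enforcing and not mac_allows(proc, f, perm):
        return "denied by MAC"
    return "granted"

# Constructed sample subjects and objects.
ROOT_DAEMON = Process(uid=0, domain="vold_domain")
APP = Process(uid=10001, domain="app_domain")
SYSTEM_FILE = File(owner=0, mode=0o644, type="system_file")
SDCARD_FILE = File(owner=1000, mode=0o660, type="sdcard_file")
OWN_DATA = File(owner=10001, mode=0o600, type="app_data")
OTHER_APP_DATA = File(owner=10002, mode=0o600, type="app_data")
```

With `mac_enforcing=False` the root daemon can write to `SYSTEM_FILE`; with the policy enforced the same request is denied because no rule covers that domain and type, which is the confinement of privileged services the article describes.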

Many Android root exploits, such as GingerBreak, Exploid and RageAgainstTheCage, target vulnerabilities in Android services. For example, the GingerBreak exploit leverages a vulnerability in vold, the Android volume daemon, which runs as root. SE Android can block the GingerBreak exploit at six different steps during its execution, depending on how strict the enforced policies are.

Unfortunately, installing SE Android on devices is not as straightforward as installing other custom Android ROMs, because the SE Android project doesn't provide any pre-compiled builds.

Users interested in deploying SE Android need to download and build the official Android Open Source Project source code and then sync their AOSP clone with the SE Android git trees in order to apply all patches and modifications. The SE Android project website contains instructions on how to do this.

SE Android is aimed at companies and organisations that need to implement strict access-control policies similar to those mandated by the US Department of Defense.


