Skip the navigation
)
News

NSA releases security-enhanced version of Android

The National Security Agency's version of Android provides better access-control policies

By Lucian Constantin
January 17, 2012 11:34 AM ET

IDG News Service - The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.

SE Android is based on NSA's previous research into mandatory access controls that gave birth to the Security-Enhanced Linux project back in 2000. SE Linux is a collection of Linux kernel security modules and other tools that provide a flexible mechanism for restricting what resources users or applications can access.

Over the years, most of the low-level SE Linux modifications were merged into the official Linux kernel and they were also ported to Solaris and FreeBSD.

The NSA revealed its plan to port SE Linux to Android as part of a new project called SE Android at the Linux Security Summit last year. The first version was released Jan. 6.

SE Android is aimed at companies and organizations that need to implement strict access-control policies similar to those mandated by the U.S. Department of Defense.

One of the main things that SE Android is trying to improve is Android's application security model, which is based on the default Linux discretionary access control. Under DAC, an application run by a particular user has access to all of the files and resources accessible to that user.

However, under the MAC model implemented by SE Linux and now SE Android, the resources available to an application can be restricted to whatever is defined in a policy, regardless of the user's permissions on the system. Because of this, SE Android can be used to confine privileged services and limit the damage that attackers can do if they exploit vulnerabilities.

Many Android root exploits like GingerBreak, Exploid or RageAgainstTheCage, target vulnerabilities in Android services. For example, the GingerBreak exploit leverages a vulnerability in vold, the Android volume daemon, which runs as root. SE Android can block the GingerBreak exploit at six different steps during its execution, depending on how strict the enforced policies are.

However, installing SE Android on devices is not as straightforward as installing other custom Android ROMs, because the SE Android project doesn't provide any pre-compiled builds.

Users interested in deploying SE Android need to download and build the official Android Open Source Project source code and then sync their AOSP clone with the SE Android git trees in order to apply all patches and modifications. The SE Android project website contains instructions on how to do this.

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
Additional Resources
Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile Apps and Services White Papers
Mobile Middleware Strategies
Learn why a mobile development platform is critical to be able to support today's complex enterprise mobility strategies. Learn what to look for...
The Evolution of Enterprise Mobile App Development
Driven by explosive growth in smartphone and tablet sales, enterprise mobility has become an essential part of business. Organizations across industries are developing...
Native & HTML5 Mobile Apps: Not an either or, but a where and when
Learn how developers are using HTML5 and native development methods to build mobile apps. Get practical insights on how these tools are being...
Bank Improves Crisis Management Communications with Help from BlackBerry Solution
With a staff of more than 60,000 people dispersed across the United States, U.S. Bank needed a robust and intuitive program that would...
Why Centralized Cloud Identity Management is Crucial for the Enterprise
Now that employees are leaving the relative safety of the firewall to use online SaaS applications, enterprises need to adjust the way they...
All Mobile Apps and Services White Papers
Mobile Apps and Services Webcasts
BlackBerry NFC Security Overview
The presentation on NFC security will provide an overview of the security protections built into the BlackBerry platform to protect users, application developers...
Apps that add business value
BlackBerry® has all that you need to leverage mobile applications for BlackBerry® smartphones and BlackBerry® PlayBook™ tablets. You will see some simple applications...
Distributed Database Security with Real-time Monitoring
View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
InfoSphere Warehouse Packs Demo
These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,...
All Mobile Apps and Services Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs