Hardened Android Release Has Better Sandboxing And Access-Control Policies

The National Security Agency has publicly released Security Enhanced (SE) Android, a secure version of Google’s mobile operating system.

A security-enhanced version of Android, SE Android would enforce stricter access-control policies and better sandboxing than is currently available in the most up-to-date version of Google Android. The NSA announced the project at the Linux Security Summit in September and released the first version on 6 January.

Security enhancements

SE Android is based on SE Linux, a hardened version of Linux that the NSA initially released in 2000. Several SE Linux components have eventually made it back into the official Linux kernel as well as various Linux distributions, Solaris and FreeBSD.

“Security Enhanced Android is a project to identify and address critical gaps in the security of Android,” the agency wrote in the project documentation.

As designed, SE Android would isolate applications from each other, mitigate problems introduced by flawed or malicious applications, prevent applications from accessing system resources, ensure proper permission levels and perform security checks. Every file and folder on the device can be individually locked and encrypted, and WiFi and mobile network security features have been enhanced.

Android’s application security model allows applications run by a particular user to have access to all the files and resources normally available to that user. This has been an issue with applications having too much control over device elements like Bluetooth and the camera. SE Android uses Mandatory Access Control, which relies on policies to restrict the system resources available to the application regardless of user permissions.

“Even if an application were to break out its security sandbox, it would have limited ability to affect core system functionality,” Cameron Camp, an ESET researcher, wrote on the ESET Threat Blog.

The team is expected to further incorporate SE Android into Application Layer Security, to thwart unauthorised access and compromised programs at the application layer instead of letting it reach the kernel.

The NSA does not appear to be offering SE Android as the answer to all kernel issues, according to a presentation from the Linux Security Summit, but it suggested that many existing exploits would have been stopped with SE Android. Published Android root exploits, such as GingerBreak, Exploid or RageAgainstTheCage, target vulnerabilities in Android services and launch processes. SE Android can block the GingerBreak exploit at six different steps during its execution, depending on how strict the enforced policies are, NSA’s Stephen Smalley said in the presentation.

NSA is clearly targeting mobile developers, security experts and device manufacturers who need to implement strict access-control policies, such as the ones mandated by the US Department of Defense, in mobile devices and applications.

While it remains to be seen if SE Android will see widespread commercial adoption, it seems to indicate a growing role for Android in enterprise settings where SE platforms are currently deployed, according to Camp. “Having more security options for the mobile platform seems like a move in a positive direction,” Camp said.

Installing SE Android – still in its early stages – is a fairly complex process as there are no precompiled binaries available. Interested users and developers would need to download and build the official Android Open Source Project source code before obtaining patches and modifications from the SE Android code repositories. However, some developers are already discussing plans to release packaged versions to make it easier to work with.