Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Google strengthens Android security muscle with SELinux protection

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 25 Jul 2013 05:35:03 +0000 (UTC)
http://arstechnica.com/security/2013/07/google-strengthens-android-security-muscle-with-nsa-developed-protection/

By Dan Goodin
Ars Technica
July 24, 2013
The upcoming version of Google's Android operating system offers several enhancements designed to strengthen handset security, particularly in businesses and other large organizations. Ars will be giving the just-unveiled version 4.3 a thorough review in the coming days. In the meantime, here's a quick rundown of the security improvements.
The most significant change is the addition of a security extension known as SELinux -- short for Security-Enhanced Linux -- to reinforce Android's current hack-mitigation model. Since Android's debut, apps have run inside a "sandbox" that restricts the data they can access and isolates code they can execute from other apps and the operating system as a whole. Built on a traditional Unix scheme known as discretionary access control, Android sandboxing prevents the pilfering of sensitive passwords by a rogue app a user has been tricked into installing or by a legitimate app that has been commandeered by a hacker.
Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. Among other things, SELinux allows varying levels of trust to each app, as well as dictating what kind of data an app can access inside its confined domain.
"SELinux will help cut off some of the attack surface of a modern Android device," Jon Oberheide, CTO of Duo Security and an expert in smartphone security, told Ars. He went on to say much will depend on the specific implementation of SELinux in Android and the policies it defines. On desktop computers and servers, the extensions sometimes fail to prevent hacks that exploit flaws in the operating-system kernel itself. That may be less of an issue with Android, because it has been considerably trimmed down from its Linux origins. 

[...]



--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: