NSA releases security-enhanced Android OS

NSA releases security-enhanced Android OS

Summary: Security Enhanced (SE) Android is aimed at limiting the damage that can be done by flawed or malicious apps and at enforcing separation guarantees between apps.

SHARE:

The U.S. government's National Security Agency (NSA) has created and released a hardened version of Google's Android, a move aimed at sealing "critical gaps in the security" of the mobile operating system.

The project, called Security Enhanced (SE) Android, uses SELinux to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps, according to documentation released by the NSA.

[ SEE: Android security team appeals to hackers ]

Some of these security enhancements include:

  • Per-file security labeling support for yaffs2,
  • Filesystem images (yaffs2 and ext4) labeled at build time,
  • Kernel permission checks controlling Binder IPC,
  • Labeling of service sockets and socket files created by init,
  • Labeling of device nodes created by ueventd,
  • Flexible, configurable labeling of apps and app data directories,
  • Userspace permission checks controlling use of the Zygote socket commands,
  • Minimal port of SELinux userspace,
  • SELinux support for the Android toolbox,
  • Small TE policy written from scratch for Android,
  • Confined domains for system services and apps,
  • Use of MLS categories to isolate apps.

More information on the goals of SE Android can be found in these presentation slides [pdf].

Topics: Hardware, Android, Google, Mobile OS, Mobility, Operating Systems, Security, Smartphones, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • How bad can it be? Who Knew?

    nt
    Dietrich T. Schmitz *Your
    • RE: NSA releases security-enhanced Android OS

      @Dietrich T. Schmitz * Your Linux Advocate

      When the NSA gets done with Android, even I would buy an Android device. Grin.
      kenosha77a
    • RE: NSA releases security-enhanced Android OS

      @Dietrich T. Schmitz * Your Linux Advocate

      Yet another incompatible version. As a developer who would actually like to publish to Android, I think I'll give up until they stay on one version for more than a few months and actually commit to upgrading it.
      tonymcs@...
  • the government recognized the strategic importance of FOSS

    and invested the tax dollars wisely this time.
    The Linux Geek
    • RE: NSA releases security-enhanced Android OS

      @The Linux Geek Or they realize just what a huge security risk vanilla Android really is and is taking the steps that Google [i]should have[/i] taken.
      athynz
      • RE: NSA releases security-enhanced Android OS

        @Pete "athynz" Athens: Or they just realize that COTS never will be designed for the paranoid geeks, and decided that Android was the best existing project to build upon.
        Natanael_L
      • RE: NSA releases security-enhanced Android OS

        @Pete "athynz" Athens Nah, the release an SE version for every Linux out there but it is usually just an add on.
        slickjim
  • This from the agency that crashes probes into the planets surface because

    it forgot to convert meters to feet. Seriously though is app isolation really youre biggest security worry with android. Arent you much more worried about the hundreds of vulnerabilities in the os itself that anyone can use to pwnd android devices without even loading apps onto them?
    Johnny Vegas
    • RE: NSA releases security-enhanced Android OS

      @Johnny Vegas Umm, you might want to re-read the article. This was referencing the NSA, as in National Security Agency. You know, the secrets and codes and encryption people. NOT NASA, the space agency.
      tkeller@...
    • RE: NSA releases security-enhanced Android OS

      @Johnny Vegas
      SELinux in part could address the OS vulnerabilities and or at least isolate them from doing much/further damage.
      captfrank66
  • A natural evolution from Linux-based servers and desktops with SELinux

    Android appears to have won amongst it's Linux competitors (MeeGo and WebOS) in the mobile device space. And Android, as an open-source operating system, is available for organizations (and individuals) to make various modifications and improvements.

    SELinux was created by the three-letter agency in the article's title. It was the first Linux Security Module incorporated into the Linux kernel and is currently the LSM used in Fedora and Red Hat Enterprise Linux on both the server and the desktop.

    It only makes sense that SELinux moves down the chain (so to speak) to mobile devices and embedded systems.
    Rabid Howler Monkey
  • RE: NSA releases security-enhanced Android OS

    These enhancements will be incorporated by google either Android 5 or 6 at the latest.

    It will still be one of the most hack systems on the planet, as it one of the most popular systems on the planet.
    Knowles2
    • RE: NSA releases security-enhanced Android OS

      @Knowles2: Technically, not "hacked". But infected, yes, since trojans are just as bad.
      Natanael_L
  • RE: NSA releases security-enhanced Android OS

    I had previously been looking at hypervisors as a way to provide app isolation (OK Labs, Greenhill???s, good etc) to prevent exploits from further doing damage to the system but wonder if this negates them or augments them or depends? Could see still running hypervisors splitting out at a macro level and SElinux doing the fine tuning as SELinux policy development is not trivial.
    captfrank66
    • RE: NSA releases security-enhanced Android OS

      @captfrank66: Have you seen that Qube OS project? It uses separate VMs for different software (like work, surfing, gaming, etc). KDE is the user enviroment, modded with windows coloring based on which VM the windows belongs to.
      Natanael_L
  • More Secure. Yeah, Right...

    "NSA Security-Enhanced Android, now with free back doors!"

    In addition to being more resistant to viruses and trojans, it will include these handy features:

    If you forget your password, contact the NSA and they can tunnel in and retrieve it for you.

    If you lose or destroy your Android device, don't worry, the NSA will have backups of all your private data.

    :-)
    grayforge