MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Hardware

NSA releases security-enhanced Android OS

Summary: Security Enhanced (SE) Android is aimed at limiting the damage that can be done by flawed or malicious apps and at enforcing separation guarantees between apps.

Ryan Naraine

By for Zero Day |

The U.S. government's National Security Agency (NSA) has created and released a hardened version of Google's Android, a move aimed at sealing "critical gaps in the security" of the mobile operating system.

The project, called Security Enhanced (SE) Android, uses SELinux to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps, according to documentation released by the NSA.

[ SEE: Android security team appeals to hackers ]

Some of these security enhancements include:

  • Per-file security labeling support for yaffs2,
  • Filesystem images (yaffs2 and ext4) labeled at build time,
  • Kernel permission checks controlling Binder IPC,
  • Labeling of service sockets and socket files created by init,
  • Labeling of device nodes created by ueventd,
  • Flexible, configurable labeling of apps and app data directories,
  • Userspace permission checks controlling use of the Zygote socket commands,
  • Minimal port of SELinux userspace,
  • SELinux support for the Android toolbox,
  • Small TE policy written from scratch for Android,
  • Confined domains for system services and apps,
  • Use of MLS categories to isolate apps.

More information on the goals of SE Android can be found in these presentation slides [pdf].

Topics: Hardware, Android, Google, Mobile OS, Mobility, Operating Systems, Security, Smartphones, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

17 comments
Log in or register to join the discussion

  • How bad can it be? Who Knew?

    nt
    Dietrich T. Schmitz *Your
    Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @Dietrich T. Schmitz * Your Linux Advocate

      When the NSA gets done with Android, even I would buy an Android device. Grin.
      kenosha77a
      Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @Dietrich T. Schmitz * Your Linux Advocate

      Yet another incompatible version. As a developer who would actually like to publish to Android, I think I'll give up until they stay on one version for more than a few months and actually commit to upgrading it.
      tonymcs@...
      Reply Vote

    • sdfdf

      Wholesale Bedding Baby Products Suppliers http://www.chinawholesaletown.com/wholesale-Cooler/ Cooler
      Wholesale Socks China Wholesale http://www.chinawholesaletown.com/wholesale-Tag---lable/ Entertainment Supplies
      Personal Safety Products Wholesale Playing Card http://www.chinawholesaletown.com/ Glove
      Wholesale Compressed Products Crystal Gifts http://www.chinawholesaletown.com/wholesale-Playing-Card/ Racks
      Medicine Instrument Wholesale Jewelry http://www.chinawholesaletown.com/wholesale-Eye-Masks/ Playing Card
      Water Bottle Medicine Instrument http://www.chinawholesaletown.com/wholesale-Calendar/ Stapler
      Coca Cola Gifts Wholesale Belt http://www.chinawholesaletown.com/wholesale-Coca-Cola-Gifts/ Mouse
      Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
      China Wholesale Wholesale Clothing http://www.chinawholesaletown.com/wholesale-Electroluminescent/ Advertising Material
      Home Appliances Wholesale Vase http://www.chinawholesaletown.com/wholesale-USB-Flash-Drive/ Glasses
      Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
      Wholesale USB Flash Drive Wholesale Bookmark http://www.chinawholesaletown.com/wholesale-Banner---Flag/ Money Clip
      Wholesale Mirror Bottle Opener http://www.chinawholesaletown.com/wholesale-Baby-Suppliers/ Promotional Items
      Wholesale Bag Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Wallet/ Vuvuzela
      Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
      Wholesale Carabiner Wholesale Pedometer http://www.chinawholesaletown.com/wholesale-T-Shirts/ Coca Cola Gifts
      Wholesale Golf Products Flash Gift http://www.chinawholesaletown.com/wholesale-Writing-Instrument/ Arts Crafts
      Patient Care Products Hair Products http://www.chinawholesaletown.com/wholesale-Stationery/ Keychain
      Wholesale Tellurion Mouse Pad http://www.chinawholesaletown.com/wholesale-Scissors/ Thermometer
      World Cup Products Water Bottle http://www.chinawholesaletown.com/wholesale-Beauty-Equipment/ Voice Recorder
      Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
      Wholesale Jewelry Wholesale Tableware http://www.chinawholesaletown.com/wholesale-Pom-Poms/ Knife
      Wholesale Waterproof Case Wholesale Cup http://www.chinawholesaletown.com/wholesale-Electrical-Gifts/ Bracelet
      CD Holde Wholesale USB Flash Drive http://www.chinawholesaletown.com/wholesale-Cap/ Writing Instrument
      Wholesale Shoe Wholesale lable http://www.chinawholesaletown.com/wholesale-Computer-Keyboard/ China Wholesale
      Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
      Wholesale Stationery Inflatable Products http://www.chinawholesaletown.com/wholesale-Name-Card-Holder/ Raincoat
      Wholesale T-Shirts Name Card Holder http://www.chinawholesaletown.com/wholesale-Money-Clip/ Electrical Gifts
      Wholesale Pedometer Wholesale Bangle http://www.chinawholesaletown.com/wholesale-Gift-Box---Display/ Consumer Electronics
      Cleaner Products Wedding Favors http://www.chinawholesaletown.com/wholesale-Wedding-Favors/ Bedding
      Lighting Products Wholesale Tellurion http://www.chinawholesaletown.com/wholesale-Socks/ Giveaway Material
      Wholesale Earphone Wholesale Flashlight http://www.chinawholesaletown.com/wholesale-Computer-Accessories/ Hair Products
      Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
      Wholesale Scarf Wholesale Raincoat http://www.chinawholesaletown.com/wholesale-Watch/ Computer Accessories
      Hair Products Automotive Products http://www.chinawholesaletown.com/wholesale-Glove/ Wallet
      Wholesale Raincoat Wholesale Glass http://www.chinawholesaletown.com/wholesale-Mobile-Phone/ Waterproof Case
      Wholesale Pen Money Bank http://www.chinawholesaletown.com/wholesale-Album/ Christmas Gifts
      jywhy888
      Reply Vote

  • the government recognized the strategic importance of FOSS

    and invested the tax dollars wisely this time.
    The Linux Geek
    Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @The Linux Geek Or they realize just what a huge security risk vanilla Android really is and is taking the steps that Google [i]should have[/i] taken.
      athynz
      Reply Vote

      • RE: NSA releases security-enhanced Android OS

        @Pete "athynz" Athens: Or they just realize that COTS never will be designed for the paranoid geeks, and decided that Android was the best existing project to build upon.
        Natanael_L
        Reply Vote

      • RE: NSA releases security-enhanced Android OS

        @Pete "athynz" Athens Nah, the release an SE version for every Linux out there but it is usually just an add on.
        slickjim
        Reply Vote

  • This from the agency that crashes probes into the planets surface because

    it forgot to convert meters to feet. Seriously though is app isolation really youre biggest security worry with android. Arent you much more worried about the hundreds of vulnerabilities in the os itself that anyone can use to pwnd android devices without even loading apps onto them?
    Johnny Vegas
    Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @Johnny Vegas Umm, you might want to re-read the article. This was referencing the NSA, as in National Security Agency. You know, the secrets and codes and encryption people. NOT NASA, the space agency.
      tkeller@...
      Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @Johnny Vegas
      SELinux in part could address the OS vulnerabilities and or at least isolate them from doing much/further damage.
      captfrank66
      Reply Vote

  • A natural evolution from Linux-based servers and desktops with SELinux

    Android appears to have won amongst it's Linux competitors (MeeGo and WebOS) in the mobile device space. And Android, as an open-source operating system, is available for organizations (and individuals) to make various modifications and improvements.

    SELinux was created by the three-letter agency in the article's title. It was the first Linux Security Module incorporated into the Linux kernel and is currently the LSM used in Fedora and Red Hat Enterprise Linux on both the server and the desktop.

    It only makes sense that SELinux moves down the chain (so to speak) to mobile devices and embedded systems.
    Rabid Howler Monkey
    Reply Vote

  • RE: NSA releases security-enhanced Android OS

    These enhancements will be incorporated by google either Android 5 or 6 at the latest.

    It will still be one of the most hack systems on the planet, as it one of the most popular systems on the planet.
    Knowles2
    Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @Knowles2: Technically, not "hacked". But infected, yes, since trojans are just as bad.
      Natanael_L
      Reply Vote

  • RE: NSA releases security-enhanced Android OS

    I had previously been looking at hypervisors as a way to provide app isolation (OK Labs, Greenhill???s, good etc) to prevent exploits from further doing damage to the system but wonder if this negates them or augments them or depends? Could see still running hypervisors splitting out at a macro level and SElinux doing the fine tuning as SELinux policy development is not trivial.
    captfrank66
    Reply Vote

    • RE: NSA releases security-enhanced Android OS

      @captfrank66: Have you seen that Qube OS project? It uses separate VMs for different software (like work, surfing, gaming, etc). KDE is the user enviroment, modded with windows coloring based on which VM the windows belongs to.
      Natanael_L
      Reply Vote

  • More Secure. Yeah, Right...

    "NSA Security-Enhanced Android, now with free back doors!"

    In addition to being more resistant to viruses and trojans, it will include these handy features:

    If you forget your password, contact the NSA and they can tunnel in and retrieve it for you.

    If you lose or destroy your Android device, don't worry, the NSA will have backups of all your private data.

    :-)
    grayforge
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close