Android gets new shield of armour – NSA deploys security enhanced version
The call for better security is answered as first release of SE Android is revealed to the world
After staunch criticism over Android’s vulnerability, the US government has stepped (sort of) to produce a battle-hardened version of Google’s operating system.
The National Security Agency (NSA), which is part of the US Defence Department has unveiled an enhanced build, codenamed SE Android, which is armed and ready to deal with the malware attacks that Android faces daily on a global scale.
The project based on SELinux has the following mission directive:
Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
SE Android also refers to the reference implementation produced by the SE Android project. The current SE Android reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
Details on how and where you can deploy SE Android appear on the project’s homepage. Currently SE Android is only available as source and is built by cloning the Android Open Source Project (AOSP) git repository, and then applying the modifications from the project’s git repository. Rather than seeking to prevent potential threats, SE Android’s main role is damage limitation, hoping to greatly diminish the number of issues that currently face the malware paradise that has become Android. The best form of attack is defence after all.
However, when the prototype was first unveiled at Linux Security Summit 2011, Stephen Smalley explained that SE Android cannot protect against kernel vulnerabilities and misconfiguration of the security policy. The build is clearly those in a developer mindset, rather than an anti-virus solution for the consumer, but by hopefully countering malware threats at the beginning of the chain, Android’s security lapses could be a thing of the past.