SAN DIEGO. It’s no secret that Google’s Android mobile operating system has had its share of security flaws. But what is less well-known is that the U.S. government’s National Security Agency (NSA) is among the teams working to improve Android security.
Speaking at the LinuxCon North America 2012 conference, NSA developer Stephen Smalley detailed how the NSA is working to make Android more secure for everyone.
The NSA is no stranger to the world of Linux and open source security. In 2004, the NSA began to work on something known as SELinux (Security-Enhanced Linux). SELinux provides mandatory access control and granular application level controls to Linux. SELinux is now baked into Linux and is a key component of its overall enhanced security.
The NSA’s SE (Security-Enhanced) Android project is an attempt to extend that same approach to Android phones. SE Android was launched by the NSA to address what they perceive as critical gaps in the security of Android.
Smalley stressed that with SE Android, the NSA is not seeking to create a government version or fork of Android.
“We’re not looking to create a product of our own,” Smalley said. “We have a focus on platform security issues that aren’t addressed in the commercial sector and throughout the project, we’re working with an eye toward mainline Android adoption.”
As an open-source project, Google accepts code contributions to Android. Smalley noted that SE Android was first released in January and to date, some of the changes it introduces have been incorporated into Google’s own development.
The use cases for SE Android includes preventing data leakage, privilege escalation, as well as the bypass of security features.
“We want to protect the integrity of apps and data and we want it to be beneficial for consumers, businesses, and government,” Smalley said.
Android Isn’t Just Linux
While Android has a Linux component to it, the effort to move the SELinux model to Android is not a simple one. Smalley said that it’s important to realize that almost everything above the kernel is different.
He explained that in Android there is an application-level permission model that controls access to app components and system resources. That’s the level of Android security that most app writers see and that users might know about. But there’s a lot going on below all that, Smalley explained.
“Beneath that there is a kernel-level mechanism that provides sandboxing and isolation,” Smalley said. “That guarantees that apps are separate from each other and prevents bypass of the app permission model.”
This kernel-level mechanism is the one that is not normally seen by developers or users and is an area of specific focus for SE Android.
“SELinux gives us the ability to confine flawed or malicious applications and it can also help for Android,” Smalley said. “It could confine privileged daemons and then limit the damage that can be done via them.”
According to Smalley, SE Android can be used on real devices today and it has currently been tested on the Galaxy Nexus phone. He stressed that based on the NSA’s testing so far, there is a negligible performance impact on Android when running with SE Android. The plan from the NSA is to continue to enhance the effort and contribute those changes upstream to the mainline Android project for inclusion.
“SE would make a difference to the security of Android in the wild,” Smalley said.