Home / Latest Videos /

The Case For Security Enhanced (SE) Android



The Android software stack defines its own security model for apps through its permissions model. However, at its foundation, Android relies upon the Linux kernel to protect the system from flawed or malicious apps and to isolate apps from one another. Presently Android leverages Linux discretionary access control (DAC) to enforce these guarantees, despite the known shortcomings of DAC. In this talk, we motivate and describe our work to enable the effective use of SELinux in Android. We then demonstrate the benefits of SELinux through analysis of how our SE Android implementation would mitigate a number of public Android exploits. Our implementation is presently based on Android 4.0.3 and runs on devices supported by AOSP. The audience is OEMS, integrators, developers, and users with an interest in improved Android security. The talk will delve into deep technical detail at points, but should be of benefit even to less technical audience members. Stephen Smalley, National Security Agency (NSA) Mr. Smalley is a computer security researcher in the Trusted Systems Research organization of the US National Security Agency (NSA). He previously led the development and successful technology transfer of Security-Enhanced Linux (SELinux) to mainline Linux and is presently engaged in addressing security challenges in Android.



Subscribe to Comments Feed
  • Derp Said:

    THE VIDEO. IT DOES NOTHING. If you want to watch it, wait for the error to come up then just cut+paste the link into your browser, should download the video http://d17mmld7179ppq.cloudfront.net/the-case-for-security-enhanced-se-android_ebce8b/low.webm is the low fi version, good enough for this talk.