http://arstechnica.com/security/2013/07/google-strengthens-android-security-muscle-with-nsa-developed-protection/
By Dan Goodin
Ars Technica
July 24, 2013
The upcoming version of Google's Android operating system offers several
enhancements designed to strengthen handset security, particularly in
businesses and other large organizations. Ars will be giving the
just-unveiled version 4.3 a thorough review in the coming days. In the
meantime, here's a quick rundown of the security improvements.
The most significant change is the addition of a security extension known
as SELinux -- short for Security-Enhanced Linux -- to reinforce Android's
current hack-mitigation model. Since Android's debut, apps have run inside
a "sandbox" that restricts the data they can access and isolates code they
can execute from other apps and the operating system as a whole. Built on
a traditional Unix scheme known as discretionary access control, Android
sandboxing prevents the pilfering of sensitive passwords by a rogue app a
user has been tricked into installing or by a legitimate app that has been
commandeered by a hacker.
Originally developed by programmers from the National Security Agency,
SELinux enforces a much finer-grained series of mandatory access control
policies. Among other things, SELinux allows varying levels of trust to
each app, as well as dictating what kind of data an app can access inside
its confined domain.
"SELinux will help cut off some of the attack surface of a modern Android
device," Jon Oberheide, CTO of Duo Security and an expert in smartphone
security, told Ars. He went on to say much will depend on the specific
implementation of SELinux in Android and the policies it defines. On
desktop computers and servers, the extensions sometimes fail to prevent
hacks that exploit flaws in the operating-system kernel itself. That may
be less of an issue with Android, because it has been considerably trimmed
down from its Linux origins.
[...]
--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
