Characterizing SEAndroid Policies in the Wild

نویسندگان

  • Elena Reshetova
  • Filippo Bonazzi
  • Thomas Nyman
  • Ravishankar Borgaonkar
  • N. Asokan
چکیده

Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

SELint: An SEAndroid Policy Analysis Tool

SEAndroid enforcement is now mandatory for Android devices. In order to provide the desired level of security for their products, Android OEMs need to be able to minimize their mistakes in writing SEAndroid policies. However, existing SEAndroid and SELinux tools are not very useful for this purpose. It has been shown that SEAndroid policies found in commercially available devices by multiple ma...

متن کامل

Characterizing Reservation Management for Media Gateway Controller (Performance and Reliability)

In this paper, analysis and simulation of Media Gateway Controller (MEGACO) based COPS (Common Open Policy Server) which is a protocol defined in IETF (Internet Engineering Task Force) to transport configuration requests and deliver the policies is presented. For this scenario, three queuing models include M/M/1, M/M/c and M/D/c were applied . Then, some of the key performance benchmarks look l...

متن کامل

Characterizing Reservation Management for Media Gateway Controller (Performance and Reliability)

In this paper, analysis and simulation of Media Gateway Controller (MEGACO) based COPS (Common Open Policy Server) which is a protocol defined in IETF (Internet Engineering Task Force) to transport configuration requests and deliver the policies is presented. For this scenario, three queuing models include M/M/1, M/M/c and M/D/c were applied . Then, some of the key performance benchmarks look l...

متن کامل

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning

Mandatory protection systems such as SELinux and SEAndroid harden operating system integrity. Unfortunately, policy development is error prone and requires lengthy refinement using audit logs from deployed systems. While prior work has studied SELinux policy in detail, SEAndroid is relatively new and has received little attention. SEAndroid policy engineering differs significantly from SELinux:...

متن کامل

What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources

The pervasiveness of security-critical external resources (e.g accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an authorized phone gains unfettered access to any Bluetooth device (e.g., Blood Glucose meter, etc.). Here we further show that sensitive text messages fr...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016