Characterizing SEAndroid Policies in the Wild
نویسندگان
چکیده
Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.
منابع مشابه
SELint: An SEAndroid Policy Analysis Tool
SEAndroid enforcement is now mandatory for Android devices. In order to provide the desired level of security for their products, Android OEMs need to be able to minimize their mistakes in writing SEAndroid policies. However, existing SEAndroid and SELinux tools are not very useful for this purpose. It has been shown that SEAndroid policies found in commercially available devices by multiple ma...
متن کاملCharacterizing Reservation Management for Media Gateway Controller (Performance and Reliability)
In this paper, analysis and simulation of Media Gateway Controller (MEGACO) based COPS (Common Open Policy Server) which is a protocol defined in IETF (Internet Engineering Task Force) to transport configuration requests and deliver the policies is presented. For this scenario, three queuing models include M/M/1, M/M/c and M/D/c were applied . Then, some of the key performance benchmarks look l...
متن کاملCharacterizing Reservation Management for Media Gateway Controller (Performance and Reliability)
In this paper, analysis and simulation of Media Gateway Controller (MEGACO) based COPS (Common Open Policy Server) which is a protocol defined in IETF (Internet Engineering Task Force) to transport configuration requests and deliver the policies is presented. For this scenario, three queuing models include M/M/1, M/M/c and M/D/c were applied . Then, some of the key performance benchmarks look l...
متن کاملEASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning
Mandatory protection systems such as SELinux and SEAndroid harden operating system integrity. Unfortunately, policy development is error prone and requires lengthy refinement using audit logs from deployed systems. While prior work has studied SELinux policy in detail, SEAndroid is relatively new and has received little attention. SEAndroid policy engineering differs significantly from SELinux:...
متن کاملWhat's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
The pervasiveness of security-critical external resources (e.g accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an authorized phone gains unfettered access to any Bluetooth device (e.g., Blood Glucose meter, etc.). Here we further show that sensitive text messages fr...
متن کامل