Difference between revisions of "SEforAndroid"

From SELinux Wiki
Jump to: navigation, search
(New page: == What is SE Android? == Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the ...)
 
(540 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== What is SE Android? ==
+
Security Enhancements (SE) for Android™ was a NSA-led project that created and released an open source reference implementation of how to enable and apply SELinux to Android, made the case for adopting SELinux into mainline Android, and worked with the Android Open Source Project (AOSP) to integrate
 +
the changes into mainline Android. As a result, SELinux is now a core part of Android.
 +
See https://source.android.com/security/selinux/ for further information on SELinux in Android.
  
Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.
+
SE for Android was originally called Security Enhanced Android (SE Android) but was renamed to comply with the Android brand guidelines.
 +
Hence, you will see the older name in many of the presentations and papers below.
  
SE Android also refers to the reference implementation produced by the SE Android project.  The current SE Android reference implementation provides a worked example of how to enable and apply SELinux at the lower layers of the Android software stack and provides a working demonstration of the value provided by SELinux in confining various root exploits and application vulnerabilities.
+
SE for Android used to maintain its own source code repositories on bitbucket.org but these have been removed since the code has all been merged to AOSP.
  
SE Android was first publically described in a presentation at the
+
Presentations and papers describing SE for Android included:
Linux Security Summit 2011. The slides from that talk can be found at:
+
* The Case for SE Android, Linux Security Summit 2011, Sep 2011. [http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf Slides]
http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf
+
* The Case for Security Enhanced (SE) Android, Android Builders Summit 2012, Feb 2012. [https://events.linuxfoundation.org/images/stories/pdf/lf_abs12_smalley.pdf Slides]
 +
* Security Enhanced (SE) Android, LinuxCon North America 2012, Aug 2012.  [https://events.linuxfoundation.org/images/stories/pdf/lcna_co2012_smalley.pdf Slides]
 +
* Middleware MAC for Android, Linux Security Summit 2012, Aug 2012.  [http://kernsec.org/files/LSS2012-MiddlewareMAC.pdf Slides]
 +
* Security Enhanced (SE) Android:  Bringing Flexible MAC to Android, 20th Annual Network and Distributed System Security Symposium (NDSS '13), Feb 2013.  [https://www.ndss-symposium.org/ndss2013/ndss-2013-programme/security-enhanced-se-android-bringing-flexible-mac-android Paper and Slides]
 +
*  Laying a Secure Foundation for Mobile Devices, 20th Annual Network and Distributed System Security Symposium (NDSS '13), Feb 2013. [https://www.ndss-symposium.org/ndss2013/ndss-2013-programme/laying-secure-foundation-mobile-devices/ Slides]
 +
* Security Enhancements (SE) for Android, Android Builders Summit 2014, Apr 2014. [http://events.linuxfoundation.org/sites/events/files/slides/abs2014_seforandroid_smalley.pdf Slides]
 +
* Protecting the Android TCB with SELinux, Linux Security Summit 2014, Aug 2014. [http://kernsec.org/files/lss2014/lss2014_androidtcb_smalley.pdf Slides]
 +
* SELinux in Android Lollipop and Marshmallow, Linux Security Summit 2015, Aug 2015. [http://kernsec.org/files/lss2015/lss2015_selinuxinandroidlollipopandm_smalley.pdf Slides]
 +
 
 +
Further talks describing the impact of SELinux on Android security and further SELinux development in Android include:
 +
* ioctl command whitelisting in SELinux, Linux Security Summit 2015, Aug 2015. [http://kernsec.org/files/lss2015/vanderstoep.pdf Slides]
 +
* Android: protecting the kernel, Linux Security Summit, Aug 2016. [http://events17.linuxfoundation.org/sites/events/files/slides/Android-%20protecting%20the%20kernel.pdf Slides]
 +
* Honey I Shrunk the Attack Surface: Adventures in Android Security Hardening, Black Hat USA 2017, July 2017. [https://www.blackhat.com/docs/us-17/thursday/us-17-Kralevich-Honey-I-Shrunk-The-Attack-Surface-Adventures-In-Android-Security-Hardening.pdf Slides]
 +
* SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes, Linux Security Summit 2017, Sep 2017. [http://events17.linuxfoundation.org/sites/events/files/slides/LSS%20-%20Treble%20%27n%27%20SELinux_0.pdf Slides]
 +
* Year in Review: Android Kernel Security, Linux Security Summit 2018, Aug 2018. [https://events.linuxfoundation.org/wp-content/uploads/2017/11/LSS2018.pdf Slides]
 +
 
 +
(Android is a trademark of Google LLC)

Revision as of 12:50, 5 October 2018

Security Enhancements (SE) for Android™ was a NSA-led project that created and released an open source reference implementation of how to enable and apply SELinux to Android, made the case for adopting SELinux into mainline Android, and worked with the Android Open Source Project (AOSP) to integrate the changes into mainline Android. As a result, SELinux is now a core part of Android. See https://source.android.com/security/selinux/ for further information on SELinux in Android.

SE for Android was originally called Security Enhanced Android (SE Android) but was renamed to comply with the Android brand guidelines. Hence, you will see the older name in many of the presentations and papers below.

SE for Android used to maintain its own source code repositories on bitbucket.org but these have been removed since the code has all been merged to AOSP.

Presentations and papers describing SE for Android included:

  • The Case for SE Android, Linux Security Summit 2011, Sep 2011. Slides
  • The Case for Security Enhanced (SE) Android, Android Builders Summit 2012, Feb 2012. Slides
  • Security Enhanced (SE) Android, LinuxCon North America 2012, Aug 2012. Slides
  • Middleware MAC for Android, Linux Security Summit 2012, Aug 2012. Slides
  • Security Enhanced (SE) Android: Bringing Flexible MAC to Android, 20th Annual Network and Distributed System Security Symposium (NDSS '13), Feb 2013. Paper and Slides
  • Laying a Secure Foundation for Mobile Devices, 20th Annual Network and Distributed System Security Symposium (NDSS '13), Feb 2013. Slides
  • Security Enhancements (SE) for Android, Android Builders Summit 2014, Apr 2014. Slides
  • Protecting the Android TCB with SELinux, Linux Security Summit 2014, Aug 2014. Slides
  • SELinux in Android Lollipop and Marshmallow, Linux Security Summit 2015, Aug 2015. Slides

Further talks describing the impact of SELinux on Android security and further SELinux development in Android include:

  • ioctl command whitelisting in SELinux, Linux Security Summit 2015, Aug 2015. Slides
  • Android: protecting the kernel, Linux Security Summit, Aug 2016. Slides
  • Honey I Shrunk the Attack Surface: Adventures in Android Security Hardening, Black Hat USA 2017, July 2017. Slides
  • SELinux in Android Oreo or: How I Learned to Stop Worrying and Love Attributes, Linux Security Summit 2017, Sep 2017. Slides
  • Year in Review: Android Kernel Security, Linux Security Summit 2018, Aug 2018. Slides

(Android is a trademark of Google LLC)

Retrieved from "http://selinuxproject.org/w/?title=SEforAndroid&oldid=1861"