▶ Android
ASM Security

Android security is broken and we think we can fix it

North Carolina State University and the German institution Technische Universitat Darmstadt have created a proposal to radically shake up and harden the Android security model. Termed ASM, for Android Security Modules, the proposal is aimed at creating a flexible kernel capable of embracing current and future security systems without compromising functionality. 

There is a downside, however, in that implementing it requires some serious changes to the core Android security model - not least of which is root access to the devices - and these may well prove to be too difficult to implement whilst retaining backward compatibility with the millions of Android Apps currently available. Once installed however, root access isn't required for Apps to take advantage of the system from then on. The hope is that users won't see any of all this disruption, however, as manufacturers are encouraged to bake it into their devices so it's onboard when they leave the factory.

The Enterprise is calling

Samsungs "Knox" system is aimed squarely at the enterprise, and is implemented as a dual-personality system where each "persona" lives in its own secure sandbox, unaware of the other. ASM fully supports this model and is just as robust since it, too, is implemented at the kernel level.

William EnckDr. William Enck is the senior author of the paper, and is the assistant professor of computer science at NC State. He said  "in the ongoing arms race between white hats and black hats, researchers and developers are constantly coming up with new security extensions. But these new tools aren't getting into the hands of users because every new extension requires users to change their device's firmware, or operating system (OS). The ASM framework allows users to implement these new extensions without overhauling their firmware."

iOS users have long pointed to their "at point of use" security model as being superior to Androids "at point of install". The new proposal supports either, via the use of security system "callbacks" which continually query the framework every time a security-sensitive operation is requested to be performed. Going way beyond a mere "grant or deny" system, the data itself is processed such that sensitive parts are filtered out whilst the rest is allowed through. There are many uses for this, such an anonymizing GPS streams, or uploading all contact details to a remote server.

Coming to Android?

Enck has already shown the ASM framework to Google. Time will tell if it is adopted in its current form, or some future system based on the concepts it features. Core ASOP would be the ultimate goal since all the manufacturers base their build from this Open Source tree of Android.

Enck has already done significant work in this area: he co-authoed Kirin, a permission management system, and a workflow policy framework called Aquifier.

Performance also should not be an issue. “Adding security modules will result in a small impact for using the hooks, and then whatever overhead is required by the security module to make the security decision,” he said.