Wind River, a software subsidiary of Intel, has announced an enhanced version of the National Security Agency’s Security Enhanced (SE) Android, along with two other tools designed to improve the security of Android devices. “Wind River Solution Accelerators for Android, Security” includes modules for SE Android, Lightweight Partitioning, and Secure Boot.
Just as Wind River Platform for Android offers embedded-focused extensions to Google’s Android Open Source Project (AOSP) operating system, the SE Android module in its latest trio of security-oriented Android “accelerators” offers extensions to the secure enhanced SE Android. Sometimes referred to as SEforAndroid, the distribution is a version of the secure SELinux kernel distribution featuring Android user space modifications. It gives users or administrators more control over who, what, and how their Android apps can communicate. The open source project is a collaboration between AOSP, the SELinux project, and the National Security Agency, which released the initial SE Android, and formally submitted the code to AOSP in January
Wind River’s three new security tools are part of its suite of Solution Accelerators for Android middleware stacks. A modular alternative to Wind River Platform for Android, the accelerators include tested and validated applications and middleware for user experience (multimedia), connectivity, medical, automotive, and now, security applications
Here’s a closer look at the three modules in Wind River’s Solution Accelerators for Android, Security:
- SE Android — Wind River’s version of SE Android “addresses a variety of vulnerabilities to make SE Android suitable for commercial use,” says Wind River. It enables enterprise-oriented policies, such as restricted privileges and customized application downloading. The module also extends protection for the Android shared memory driver (Ashmem) and Mandatory Access Control (MAC), and enables policies for confining flawed or malicious apps.
- Lightweight Partitioning — This module offers secure isolation via multiple encrypted partitions, enabling different user and work profiles on a single device. It further supplies device usage models with specialized access to an unlimited number of security domains, including top secret or classified data. Strong disk encryption is applied to inactive domains.
Lightweight Partitioning overview
(click image to enlarge)
- Secure Boot — The Secure Boot accelerator verifies each stage of the boot process before execution, enabling only authenticated software to be executed while blocking malicious code. Every component in the boot process measures the next one, creating “a chain of trust,” says Wind River. The process does not impact compliance with the Android Compatibility Test Suite (CTS), and the impact on boot time performance is said to be negligible.
Secure Boot overview
(click image to enlarge)
Since McAfee joined embedded Linux firmware provider Wind River as an Intel subsidiary in early 2011, the two companies have been collaborating on mobile and embedded security. Wind River’s security products include the military-focused Wind River Linux Secure, the first commercial embedded Linux platform featuring EAL4+ certification using the GP-OSPP profile
Wind River Solution Accelerators for Android, Security is available now. More information may be found at the company’s Solution Accelerators for Android, Security product page.