Browsing by Author "Im, Bumjin"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    An Historical Analysis of SE Android Policy
    (2018-05-29) Im, Bumjin; Wallach, Dan Seth
    Android adopted SELinux’s mandatory access control mechanisms in 2013, and since then billions of Android devices are now benefiting from MAC security policies, enforced in the OS kernel. Initially, Android took a gentle approach, with a large number of resources “unconfined”, but the policies are now quite detailed and comprehensive. This paper presents a historical analysis of the MAC security policies enforced by Android, based on years of Git commits in the Android Open Source Project (AOSP). We quantify the complexity of how these policies have evolved over time. In particular, SELinux allows for policies to be expressed as macros, where one policy “rule” may apply to a large number of system objects. We can similarly measure how many rules touch a given system object. Both measures have been creeping steadily upward over the years, suggesting that these measures are a good proxy for “complexity”; reducing this complexity should be a long-term Android engineering goal. We additionally discuss specific hallmarks in Android history, such as the “Stagefright” vulnerability in Android’s media facilities, and the rollout of time-of-use vs. time-of-install permission checks, pointing out how these hallmarks led to changes in the MAC policies.
  • Thumbnail Image
    Item
    Safe and Secure Subprocess Virtualization in Userspace.
    (2021-08-13) Im, Bumjin; Dautenhahn, Nathan
    Commodity operating systems isolate the application with process boundary, and all the developers develop the applications upon the principle. However, the applications cannot simply trust the process-based isolation. Virtually all the applications link at least one dynamic library on the runtime that the libraries share all the resources in the same process boundary. Unfortunately, the application developers do not fully understand the libraries they are using, and it could even be infeasible for some complex applications. If a single malicious or buggy library is linked to the application, it can breach the entire application due to its process boundary principle. Since the process-based isolation could continue for some time, it could be harder to achieve the least privilege. We propose a new process model, Endokernel, to resolve this issue. Endokernel contains a monitor inside the standard process in the commodity operating system and provides safe isolation between subprocess, maintenance, and the secure interactions between subprocesses. Endokernel also proposes a endoprocess virtualization technique. Utilizing endoprocess virtualization could realize a more  fine-grained least privilege principle in the commodity computing environment. We develop Intravirt as the prototype of Endokernel. Intravirt realizes the Endokernelmodel on Intel CPU and Linux by actively utilizing Intel  Memory Protection Key(MPK) and Control flow Enforcement Technology(CET) as the core security mechanisms. Since MPK and CET are hardware mechanisms, Intravirt aims to secure and high-performance endoprocess virtualization. We then evaluate the security and the performance of Intravirt by measuring microbenchmarks and the actual applications with several use cases for the secure computing environment. Throughout the research, we verify Endokernel is a feasible, lightweight, applicable, and effective security model.