An Historical Analysis of SE Android Policy
| dc.contributor.advisor | Wallach, Dan Seth | en_US |
| dc.creator | Im, Bumjin | en_US |
| dc.date.accessioned | 2019-05-17T13:30:13Z | en_US |
| dc.date.available | 2019-05-17T13:30:13Z | en_US |
| dc.date.created | 2018-05 | en_US |
| dc.date.issued | 2018-05-29 | en_US |
| dc.date.submitted | May 2018 | en_US |
| dc.date.updated | 2019-05-17T13:30:13Z | en_US |
| dc.description.abstract | Android adopted SELinux’s mandatory access control mechanisms in 2013, and since then billions of Android devices are now benefiting from MAC security policies, enforced in the OS kernel. Initially, Android took a gentle approach, with a large number of resources “unconfined”, but the policies are now quite detailed and comprehensive. This paper presents a historical analysis of the MAC security policies enforced by Android, based on years of Git commits in the Android Open Source Project (AOSP). We quantify the complexity of how these policies have evolved over time. In particular, SELinux allows for policies to be expressed as macros, where one policy “rule” may apply to a large number of system objects. We can similarly measure how many rules touch a given system object. Both measures have been creeping steadily upward over the years, suggesting that these measures are a good proxy for “complexity”; reducing this complexity should be a long-term Android engineering goal. We additionally discuss specific hallmarks in Android history, such as the “Stagefright” vulnerability in Android’s media facilities, and the rollout of time-of-use vs. time-of-install permission checks, pointing out how these hallmarks led to changes in the MAC policies. | en_US |
| dc.format.mimetype | application/pdf | en_US |
| dc.identifier.citation | Im, Bumjin. "An Historical Analysis of SE Android Policy." (2018) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/105603">https://hdl.handle.net/1911/105603</a>. | en_US |
| dc.identifier.uri | https://hdl.handle.net/1911/105603 | en_US |
| dc.language.iso | eng | en_US |
| dc.rights | Copyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder. | en_US |
| dc.subject | Android | en_US |
| dc.subject | SELinux | en_US |
| dc.subject | SEAndroid | en_US |
| dc.subject | Security | en_US |
| dc.subject | Access Control | en_US |
| dc.title | An Historical Analysis of SE Android Policy | en_US |
| dc.type | Thesis | en_US |
| dc.type.material | Text | en_US |
| thesis.degree.department | Computer Science | en_US |
| thesis.degree.discipline | Engineering | en_US |
| thesis.degree.grantor | Rice University | en_US |
| thesis.degree.level | Masters | en_US |
| thesis.degree.major | Computer Security | en_US |
| thesis.degree.name | Master of Science | en_US |
Files
Original bundle
1 - 1 of 1