Characterizing SEAndroid policies in the wild

Elena Reshetova; Filippo Bonazzi; Thomas Nyman; Ravishankar Borgaonkar; N. Asokan

doi:10.5220/0005759204820489

Characterizing SEAndroid policies in the wild

Elena Reshetova, Filippo Bonazzi, Thomas Nyman, Ravishankar Borgaonkar, N. Asokan

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

3 Citations (Scopus)

Abstract

Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.

Original language	English
Title of host publication	ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy
Publisher	SciTePress
Pages	482-489
Number of pages	8
ISBN (Print)	9789897581670
DOIs	https://doi.org/10.5220/0005759204820489
Publication status	Published - 2016
MoE publication type	A4 Conference publication
Event	International Conference on Information Systems Security and Privacy - Rome, Italy Duration: 19 Feb 2016 → 21 Feb 2016 Conference number: 2

Conference

Conference	International Conference on Information Systems Security and Privacy
Abbreviated title	ICISSP
Country/Territory	Italy
City	Rome
Period	19/02/2016 → 21/02/2016

Keywords

Access Control
SEAndroid
Security
SELinux

Access to Document

10.5220/0005759204820489

Cite this

@inproceedings{a5276db77710438d85783ab935fe441a,

title = "Characterizing SEAndroid policies in the wild",

abstract = "Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.",

keywords = "Access Control, SEAndroid, Security, SELinux",

author = "Elena Reshetova and Filippo Bonazzi and Thomas Nyman and Ravishankar Borgaonkar and N. Asokan",

year = "2016",

doi = "10.5220/0005759204820489",

language = "English",

isbn = "9789897581670",

pages = "482--489",

booktitle = "ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy",

publisher = "SciTePress",

address = "Portugal",

note = "International Conference on Information Systems Security and Privacy, ICISSP ; Conference date: 19-02-2016 Through 21-02-2016",

}

Reshetova, E, Bonazzi, F, Nyman, T, Borgaonkar, R & Asokan, N 2016, Characterizing SEAndroid policies in the wild. in ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy. SciTePress, pp. 482-489, International Conference on Information Systems Security and Privacy, Rome, Italy, 19/02/2016. https://doi.org/10.5220/0005759204820489

Characterizing SEAndroid policies in the wild. / Reshetova, Elena; Bonazzi, Filippo; Nyman, Thomas et al.
ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy. SciTePress, 2016. p. 482-489.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Characterizing SEAndroid policies in the wild

AU - Reshetova, Elena

AU - Bonazzi, Filippo

AU - Nyman, Thomas

AU - Borgaonkar, Ravishankar

AU - Asokan, N.

N1 - Conference code: 2

PY - 2016

Y1 - 2016

N2 - Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.

AB - Starting from the 5.0 Lollipop release all Android processes must be run inside confined SEAndroid access control domains. As a result, Android device manufacturers were compelled to develop SEAndroid expertise in order to create policies for their device-specific components. In this paper we analyse SEAndroid policies from a number of 5.0 Lollipop devices on the market, and identify patterns of common problems we found. We also suggest some practical tools that can improve policy design and analysis. We implemented the first of such tools, SEAL.

KW - Access Control

KW - SEAndroid

KW - Security

KW - SELinux

UR - http://www.scopus.com/inward/record.url?scp=84968820482&partnerID=8YFLogxK

U2 - 10.5220/0005759204820489

DO - 10.5220/0005759204820489

M3 - Conference article in proceedings

AN - SCOPUS:84968820482

SN - 9789897581670

SP - 482

EP - 489

BT - ICISSP 2016 - Proceedings of the 2nd International Conference on Information Systems Security and Privacy

PB - SciTePress

T2 - International Conference on Information Systems Security and Privacy

Y2 - 19 February 2016 through 21 February 2016

ER -

Characterizing SEAndroid policies in the wild

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

SELint: an SEAndroid policy analysis tool

Cite this