The Linux kernel is at the heart of the Android OS. And with that in mind, Google has detailed a number of Android...
security improvements that defend the kernel.
Jeff Vander Stoep, software engineer for the Android security team at Google, organized the improvements made into two categories: memory protection and attack surface reduction.
"Android relies heavily on the Linux kernel for enforcement of its security model. One of the major security features provided by the kernel is memory protection for userspace [sic] processes in the form of address space separation," Vander Stoep wrote in a blog post. "Unlike userspace [sic] processes, the kernel's various tasks live within one address space, and a vulnerability anywhere in the kernel can potentially impact unrelated portions of the system's memory. Kernel memory protections are designed to maintain the integrity of the kernel in spite of vulnerabilities."
Alex Cox, senior researcher for the FirstWatch team at RSA, the security division of EMC, told SearchSecurity, "Memory protection is the most important protection on the list" of improvements released by Google.
"Control of the contents of system memory is often the route to an OS takeover, so these protections will pay dividends as new attack vectors and vulnerabilities are discovered," Cox said. "Reducing the attack surface is also important, but memory protection is a critical security mechanism when it comes to protecting any system."
Vander Stoep detailed features that set restrictive read-only or no-execute page access permissions on each segment of kernel memory, prevent the kernel from accessing user space memory and protect against stack buffer overflows.
According to Chris Fearon, research director at Black Duck Software Inc., based in Burlington, Mass., these features will improve Android security by mitigating an attack vector where hardware drivers are allowed to execute in kernel memory.
"Tried-and-tested userspace [sic] memory protection techniques are now being applied to the kernel. This prevents rogue processes being able to read and modify other core data in use by the Android operating system," Fearon told SearchSecurity via email. "Kernel memory segments can now be marked as read-only or no-execute. This prevents rogue processes from overwriting protected areas of memory and executing malicious code in them."
For attack surface reduction features, Vander Stoep described how certain system calls and access to the kernel would be restricted or blocked completely.
"Attack surface reduction attempts to expose fewer entry points to the kernel without breaking legitimate functionality," Vander Stoep wrote. "Reducing attack surface can include removing code, removing access to entry points or selectively exposing features."
Liviu Arsene, senior e-threat researcher at Romania-based antimalware firm Bitdefender, said these new restrictions should help improve Android security, but it is too early to tell if other attack surfaces will arise.
"Restricting applications from accessing ioctl commands should also prevent vulnerabilities in drivers from being exploited to execute arbitrary code within the context of the kernel. The addition of Seccomp and restricting ioctl commands are two security features that should prevent a wide range of attacks that deal with kernel privilege escalation," Arsene told SearchSecurity. "Trying to run malicious apps with elevated privileges is usually an attacker's goal, and while the new security mechanism should hinder some of their abilities, other attack surfaces will surely be exploited."
Learn more about the questions that remained after Google detailed the Android N security improvements.
Find out about automated security analysis of Android applications.
Get info on why the second annual Android Security Report is a mixed bag.