Black and White by HC120708175759

VIEWS: 4 PAGES: 10

									Android Security Enhancement



           Willis Falls
        Allison Hepburn
       CSCE 522 Fall 2010
           Android Security
   Existing security framework is insufficient
   Three categories of security mechanism:
        Linux mechanisms
        Android-specific mechanisms
        Environmental features
         Security Mechanisms
   Linux
        Portable Operating System Interface user
         (POSIX)
        File Access Restrictions
   Android Mechanisms
        Permissions
   Environmental Features
        Type safety (Java)
           High-risk Threats
   Maliciously using the permissions granted to
    an installed application
   Exploiting vulnerabilities in the Linux kernel
    or system libraries
   Exposing private content
   Depleting resources
   Compromising the internal or protected
    network
       Solutions for Malicious
          Permission Use
   Host-based intrusion-detection/prevention
    system
   Firewall
   Application certification
   Selective Android permissions
Solution for Exploiting Core
       Vulnerabilities
 SELinux (security enhanced Linux)
    Solutions for Private Content
             Exposure
   Login
   Firewall
   Data encryption
   Context-aware access control
   Remote management
Solutions for Resource Depletion
   Resource management
   Intrusion-detection/prevention system
    Solutions for Compromised
             Networks
   Virtual Private Network (VPN)
   Remote management
   Context-aware access control
              Conclusion
   Android needs new security features to
    enhance its framework
   New features with existing mechanisms will
    allow the Android to be a secure, trusted
    open-source operating system

								
To top