Fighting Crime with SE Android

Last week, I read a BBC News story (Met Police technology ‘ineffective and outdated’) about how the Metropolitan Police force in London, UK was being hampered in its fight against crime by out of date technologies. The news story discussed the London Assembly report (PDF) which highlighted the fact that most police officers had smart phones and tablets which they used in the personal lives, but at work they were reliant on legacy radio systems, and not only had to manually  enter the same data into up to ten different systems.

Clearly there isn’t going to be a simple solution to complex problem such as the Met’s IT infrastructure, when much of the IT budget is spent on maintaining existing systems, reducing the amount available for investment in new infrastructure. However, as the report highlights, it’s not hard to imagine how police officers would benefit from using secure mobile devices which would enable them to enter details of their investigations in real-time into handheld devices, providing them with immediate access to police resources and data, and reducing the amount of paper work and data re-entry.

Historically, many organisations have relied on bespoke devices to provide such capabilities, and while this may still be necessary for some high-security defence applications, this approach often has high non-recurring engineering costs which may be regarded as unaffordable in the current economic climate. The widespread adoption of smartphones and tablets in the consumer market provides an attractive lower-cost alternative for civilian organisations and government use.

Obviously these devices need to be configured and deployed in a secure manner to ensure that organisational data is protected from compromise and unauthorised access, and this is an area where Wind River has invested significantly in the customization and enhancement of Android (Google’s Linux distribution for mobile devices). This has included significant focus on the integration of Security Enhanced Linux to the Android stack implementing security features such as Role-Based Access Controls (RBAC), Policy Management, and Secure Boot (and other features secure boot providing protection against security exploits.

Wind River has also extended the capabilities of SE Android even further through the implementation of Lightweight Partitioning. This provides the ability to securely isolate Android applications and data in different security domains, enabling different security classifications to he hosted on the same device.  This provides a solution to the main challenge of Bring Your Own Devices (BYOD), where end users with internet-enabled mobile devices want to use the same device for both corporate use and personal use; corporate data needs to be kept securely isolated from applications which the user may have downloaded.

I recently had the opportunity to use Wind River’s SE Android and Lightweight Partitioning on an Asus Nexus 7 tablet. This is a very attractive touchscreen tablet, which is large enough for data entry and viewing documents, but small enough to fit into my jacket pocket. However, in order to use the Nexus 7 with Wind River SE Android, I needed to re-flash the OEM firmware image with an image containing Wind River SE Android and LWP. I actually experienced my own few minutes of terror while performing the flash update, fearing that if it had failed I would have created a very expensive paperweight! But I needn’t have worried, as this worked flawlessly, and the re-programmed device booted first time.

The new configuration provides the ability to demonstrate SE Android’s Role-Based Access Controls which prevent privilege-escalation exploits from gaining super user/admin privileges on the device (which can attempt to steal confidential data such as contact information). This involves setting the SE Linux Mandatory Access Control (MAC) mode to Enforcing, and showing that an exploit application will fail to root the device which it is in this mode.

Wind River’s Lightweight Partitioning also enabled me to create multiple security domains (in this instance a red zone and a green zone), one to securely isolate corporate applications and data, and the other domain for end user’s applications respectively, with the ability to switch between them quickly. The two security domains can also be configured with different security policies, for example the corporate domain can be encrypted with 256bit AES and locked-down to prevent downloads/updates by the end user, whereas the other domain could permit the end user to download applications. This shows that if a malware-infected application was downloaded into the end user domain (green zone, assuming it was configured with a permissive policy), it would not be able to compromise the corporate data held on the device.

Wind River has augmented these SE Android capabilities further with Secure Boot which ensures the integrity of the device by detecting malicious code that could compromise data. It does this by implementing a chain of trust where every component in the boot process measures the next one; if any component fails to pass signature verification, the boot process will stop. This can be augmented by a number of Secure Firmware Management techniques which can ensure that the device remains secure, such as the use of policy-based protection which allows only authorized and signed update packages to access the device.

These are just a few examples of the security hardening techniques now available to enable Android-based devices to be securely deployed within the corporate enterprise. SE Android is ready to join the fight against crime.

For additional information from Wind River, visit us on Facebook.