This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Securing Android-Powered Mobile Devices Using SELinux
May/June 2010 (vol. 8 no. 3)
pp. 36-44
Asaf Shabtai, Ben-Gurion University
Yuval Fledel, Ben-Gurion University
Yuval Elovici, Ben-Gurion University
Google's Android framework incorporates an operating system and software stack for mobile devices. Using a general-purpose operating system such as Linux in mobile devices has advantages but also security risks. Security-Enhanced Linux (SELinux) can help reduce potential damage from a successful attack.

1. C. Dagon, T. Martin, and T. Starner, "Mobile Phones as Computing Devices: The Viruses Are Coming," IEEE Pervasive Computing, vol. 3, no. 4, 2004, pp. 11–15.
2. J. Cheng et al., "SmartSiren: Virus Detection and Alert for Smartphones," Proc. 5th Int'l Conf. Mobile Systems, Applications and Services (MobiSys 07), ACM Press, 2007, pp. 258–271.
3. B. Vogel and B. Steinke, "Using SELinux Security Enforcement in Linux-Based Embedded Devices," Proc. 1st Int'l Conf. Mobile Wireless Middleware, Operating Systems, and Applications (MobilWare 08), Inst. for Computer Sciences, Social-Informatics and Telecomm. Eng., 2008, article 15.
4. Open Mobile Terminal Platform (OMTP), Application Security Framework, 2008.
5. D. Marti, "A Seatbelt for Server Software: SELinux Blocks Real-World Exploits," LinuxWorld.com,20 Feb. 2008; www.linuxworld.com/news/2008022408-selinux.html .
6. C. Wright et al., "Linux Security Module Framework," Proc. Linux Symp., Linux Symp., 2002, pp. 604–610.
7. J. Morris, "Have You Driven an SELinux Lately? An Update on the Security Enhanced Linux Project," Proc. Linux Symp., Linux Symp., 2008, pp. 101–113.
8. Y. Nakamura and Y. Sameshima, "SELinux for Consumer Electronics Devices," Proc. Linux Symp., Linux Symp., 2008, pp. 125–133; www.linuxsymposium.org/archives/OLS/Reprints-2008 nakamura-reprint.pdf.
9. X. Zhang, O. Aciicmez, and J.P. Seifert, "Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms," Proc. 1st Int'l Conf. Security and Privacy in Mobile Information and Comm. Systems (MobiSec 09), Springer, 2009, pp. 71–82.
10. C. Hanson, "SELinux and MLS: Putting the Pieces Together," Proc. SELinux Symp., SELinux Symp., 2006; http://selinux-symposium.org/2006/papers 03-SELinux-and-MLS.pdf.
11. A. Shabtai et al., "Google Android: A Comprehensive Security Assessment," IEEE Security & Privacy, vol. 8, no. 2, 2010, pp. 35–44.

Index Terms:
security, mobile devices, android, access control, Linux security modules, SELinux, mobile computing
Citation:
Asaf Shabtai, Yuval Fledel, Yuval Elovici, "Securing Android-Powered Mobile Devices Using SELinux," IEEE Security & Privacy, vol. 8, no. 3, pp. 36-44, May-June 2010, doi:10.1109/MSP.2009.144
Usage of this product signifies your acceptance of the Terms of Use.