An SELinux-based Intent manager for Android

Simone Mutti, Enrico Bacis, Stefano Paraboschi

In Proceedings of the 3rd IEEE Conference on Communications and Network Security (CNS), Florence, Italy, September 28-30, 2015

The support for Mandatory Access Control offered by SELinux has become a significant component of the security design of the Android operating system, offering robust protection and the ability to support system-level policies enforced by all the elements of the system. A well-known security-sensitive aspect of Android that currently SELinux does not cover is the abuse of intents, which represent the Android approach to inter-process communication. We propose SEIntentFirewall, an SELinux intent manager that provides fine-grained access control over Intent objects, permitting to cover within MAC policies the use of intents.

@INPROCEEDINGS{7346916,
  author={S. {Mutti} and E. {Bacis} and S. {Paraboschi}},
  booktitle={2015 IEEE Conference on Communications and Network Security (CNS)}, 
  title={An SELinux-based intent manager for Android}, 
  year={2015},
  volume={},
  number={},
  pages={747-748},
  abstract={The support for Mandatory Access Control offered by SELinux has become a significant component of the security design of the Android operating system, offering robust protection and the ability to support system-level policies enforced by all the elements of the system. A well-known security-sensitive aspect of Android that currently SELinux does not cover is the abuse of intents, which represent the Android approach to inter-process communication. We propose SEIntentFirewall, an SELinux intent manager that provides fine-grained access control over Intent objects, permitting to cover within MAC policies the use of intents.},
  keywords={Android (operating system);authorisation;firewalls;mandatory access control;security design;Android operating system;system-level policies;abuse of intents;inter-process communication;SEIntentFirewall;SELinux intent manager;fine-grained access control;MAC policies;Androids;Humanoid robots;Access control;Firewalls (computing);Mobile communication;Kernel},
  doi={10.1109/CNS.2015.7346916},
  ISSN={},
  month={Sep.},}

Get the paper

Poster
IEEE CNS15 Best Poster Award