An SELinux-based Intent manager for Android

Simone Mutti, Enrico Bacis, Stefano Paraboschi

In Proceedings of the 3rd IEEE Conference on Communications and Network Security (CNS)

The support for Mandatory Access Control offered by SELinux has become a significant component of the security design of the Android operating system, offering robust protection and the ability to support system-level policies enforced by all the elements of the system. A well-known security-sensitive aspect of Android that currently SELinux does not cover is the abuse of intents, which represent the Android approach to inter-process communication. We propose SEIntentFirewall, an SELinux intent manager that provides fine-grained access control over Intent objects, permitting to cover within MAC policies the use of intents.

@INPROCEEDINGS{7346916,
  author={S. {Mutti} and E. {Bacis} and S. {Paraboschi}},
  booktitle={2015 IEEE Conference on Communications and Network Security (CNS)}, 
  title={An SELinux-based intent manager for Android}, 
  year={2015},
  volume={},
  number={},
  pages={747-748},
  abstract={The support for Mandatory Access Control offered by SELinux has become a significant component of the security design of the Android operating system, offering robust protection and the ability to support system-level policies enforced by all the elements of the system. A well-known security-sensitive aspect of Android that currently SELinux does not cover is the abuse of intents, which represent the Android approach to inter-process communication. We propose SEIntentFirewall, an SELinux intent manager that provides fine-grained access control over Intent objects, permitting to cover within MAC policies the use of intents.},
  keywords={Android (operating system);authorisation;firewalls;mandatory access control;security design;Android operating system;system-level policies;abuse of intents;inter-process communication;SEIntentFirewall;SELinux intent manager;fine-grained access control;MAC policies;Androids;Humanoid robots;Access control;Firewalls (computing);Mobile communication;Kernel},
  doi={10.1109/CNS.2015.7346916},
  ISSN={},
  month={Sep.},}

Get the paper

Poster
IEEE CNS15 Best Poster Award