The so-called Android Security Modules (ASM) framework, due to be presented at Friday's Usenix event in San Diego, is the brainchild of researchers from North Carolina State University and Germany's Darmstadt Technical University.
It pools the knowledge from a dozen or more prior proposals for new Android security architectures, to create a programmable interface for developers to use, providing a series of standard hooks into the operating system so that users can plug-in any new security enhancement.
The researchers say: “We envision multiple ways in which ASM can benefit the security community. As the Android OS changes, only the ASM hook placements need to change.”
They say ASM could help companies introduce bring your own device (BYOD) projects by toughening up and standardising the security on their devices and mitigating against specific security threats - combatting the problem of different Android phones and OS releases having different levels of security.
But they admit that for this to happen, ASM has to be promoted by Google itself.
“If adopted by Google,” they say, “we envision ASM enabling in-the-field security enhancement of Android devices without requiring root access, a significant limitation of existing bring-your-own-device solutions.”
They also say ASM caters for the different types of mobile device users.
“Simply providing type enforcement, information flow control or capabilities does not meet the demands of all potential OS customers - consumers, enterprise and government. Therefore, an extensible OS security interface must be programmable. In short, we seek to accomplish for Android what the LSM and TrustedBSD frameworks have provided for Linux and BSD respectively.”
Analysing their idea, UK security expert Graeme Batsman, security director of EncSec, admitted that “Android has the worst security out there” but feels ASM still faces an uphill battle to get widespread adoption.
“It will only work if Google took up the idea which may be tough,” he told SCMagazineUK.com via email.
But Batsman said it could appeal to individual device manufacturers and the largest user organisations.
“Smaller hardware makers could take up the idea to go for a niche market – ie, privacy and security freaks. Knox by Samsung is a good example and it has government users.
“Interest will depend on the size of the company or government department. Smaller firms probably wouldn't even use BYOD (Bring Your Own Device) products. Medium firms would just take off-the-shelf SaaS service, larger ones would get a consultant in, and giant firms with unlimited resources may look into this as they can dedicate a project manager to get it customised.”
He concluded: “The concept may be a little hard to persuade people, since there are plenty of BYOD services and products out there which to the layman may appear to do everything. This offers more granularity.”
Rorie Hood, a consultant at UK-based MWR InfoSecurity, agreed that Google's support will be crucial. He told SC by email: “While ASM has the potential to be useful, its uptake will be limited unless Google commits to including it into Android.”
Hood said: “ASM builds on the work done in previous Android security research, though it is set apart by its programmable interface that will allow users and enterprises to customise the security of their Android devices.”
But he warned: “Currently it is unlikely to help CISOs in the immediate future. Were it to be integrated into Android, uptake would likely be higher. The inclusion of ASM would allow organisations to tailor modules to satisfy their own security needs and requirements. This may provide increasingly useful for an enterprise wishing to enforce IT policies in a BYOD environment.
“As Google have just recently begun moving from Dalvik to ART, it seems unlikely that they will commit to the large reworking that ASM requires in the near future. That being said, Google incrementally adds additionally security features to Android and recently teamed up with Samsung to introduce Samsung Knox technology into Android L. It is not unforeseeable that the functionality of ASM makes an appearance in Android in the future.”
The ASM framework code is available for free, non-commercial use here.
ASM's launch coincides with the discovery of another vulnerability affecting Android devices – and likely iOS and Windows ones as well.
In a Usenix paper, researchers from the University of Michigan and University of California, Riverside say the security of the Android smartphone GUI can be breached by a new class of attacks they call ‘UI state inference'.
A flaw in the GUI framework means it can potentially reveal every UI state change through a newly discovered shared-memory public side channel. The UI state does not reveal the exact pixels, the researchers say, but can “serve as a powerful building block to enable more serious attacks”.
It could allow a hacker to hijack the UI state to steal user input login credentials or obtain sensitive camera images such as personal cheque photos for banking apps.