How Google protects the Android kernel, and future plans
On Wednesday, Jeff Vander Stoep of Google’s Android Security team took to the official Android Developers blog and shared some information about the defenses they have already implemented in Android, and some that they are currently working on.
Memory protections that they have introduced include:
- Segmentation of kernel memory into regions with restrictive page access permissions: code is marked read-only and executable, while data sections are marked no-execute and further split into read-only and read-write regions,
- Prevention of the kernel directly accessing userspace memory, and
- Improved protection against stack buffer overflows.
The attack surface reduction measures they opted for are the removal of default access to debug features, an additional sandboxing mechanism that lets a process restrict the system calls it can make, and blocking apps from issuing a set of commands.
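The sandboxing mechanism described above, a process voluntarily restricting its own system calls, is assumed here to be Linux seccomp-bpf (the article does not name it). The following C program is an added example, not code from the article or from Google's Android tree: it builds a small allow-list filter, dry-runs the policy through a tiny interpreter so a defender can check the verdicts before enforcing anything, and then installs it with `prctl`. The allow-list, the `EXAMPLE_ARCH` macro, `MAX_FILTER_LEN` and all function names are constructed for this example; it assumes an x86-64 or AArch64 Linux host with kernel headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: x86-64 or AArch64 Linux. The filter kills on any other
 * architecture so a compat syscall table cannot confuse the numbering. */
#if defined(__x86_64__)
#define EXAMPLE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_ARCH AUDIT_ARCH_AARCH64
#else
#error "unsupported architecture for this example"
#endif

#define MAX_FILTER_LEN 64

/* Constructed allow-list: the minimum a process needs to print and exit. */
static const int example_allowed[] = { SYS_write, SYS_exit_group, SYS_exit };
#define EXAMPLE_ALLOWED_N (sizeof(example_allowed) / sizeof(example_allowed[0]))

/* Emit a classic-BPF program: kill on wrong arch, ALLOW each listed syscall,
 * fail everything else with EPERM. Returns the instruction count, or -1 if
 * the output buffer is too small (2 per allowed syscall + 5 fixed). */
int build_allowlist_filter(const int *allowed, size_t n_allowed,
                           struct sock_filter *out, size_t out_len)
{
    size_t i = 0;
    if (out_len < 2 * n_allowed + 5) return -1;
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_ARCH, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n_allowed; k++) {
        /* equal: fall through to ALLOW; not equal: skip over the ALLOW */
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned int)allowed[k], 0, 1);
        out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                            SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    return (int)i;
}

/* Minimal interpreter for the three opcode kinds the builder emits, so the
 * policy can be checked in user space without installing it. */
unsigned int evaluate_filter(const struct sock_filter *insns, int len,
                             const struct seccomp_data *d)
{
    unsigned int acc = 0;
    for (int pc = 0; pc < len; pc++) {
        const struct sock_filter *ins = &insns[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (ins->k == offsetof(struct seccomp_data, nr)) acc = (unsigned int)d->nr;
            else if (ins->k == offsetof(struct seccomp_data, arch)) acc = d->arch;
            else return SECCOMP_RET_KILL;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf; /* offsets are relative to pc+1 */
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL; /* unknown opcode: fail closed */
        }
    }
    return SECCOMP_RET_KILL;
}

/* Build the policy for `allowed` and report its verdict for one syscall. */
unsigned int verdict_for(const int *allowed, size_t n_allowed, int nr, unsigned int arch)
{
    struct sock_filter insns[MAX_FILTER_LEN];
    int len = build_allowlist_filter(allowed, n_allowed, insns, MAX_FILTER_LEN);
    if (len < 0) return SECCOMP_RET_KILL;
    struct seccomp_data d = { .nr = nr, .arch = arch };
    return evaluate_filter(insns, len, &d);
}

/* Enforce the filter for this process and its descendants. NO_NEW_PRIVS is
 * required so an unprivileged process cannot use the filter to confuse a
 * setuid binary it later executes. */
int install_filter(struct sock_filter *insns, unsigned short len)
{
    struct sock_fprog prog = { .len = len, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

int main(void)
{
    struct sock_filter insns[MAX_FILTER_LEN];
    int len = build_allowlist_filter(example_allowed, EXAMPLE_ALLOWED_N, insns, MAX_FILTER_LEN);
    if (len < 0) return 1;
    printf("dry run: getpid verdict = 0x%x\n",
           verdict_for(example_allowed, EXAMPLE_ALLOWED_N, SYS_getpid, EXAMPLE_ARCH));
    if (install_filter(insns, (unsigned short)len) != 0) { perror("install_filter"); return 1; }
    /* Now enforced by the kernel: getpid() fails with EPERM instead of succeeding. */
    long pid = (long)getpid();
    int err = errno;
    printf("after install: getpid() = %ld, errno = %d\n", pid, err);
    return 0;
}
```

Returning `SECCOMP_RET_ERRNO` rather than killing is the usual choice while a policy is being developed, because a denied call shows up as a failed syscall in the process rather than a silent crash; once the allow-list is known to be complete, switching the default to a kill action gives the stronger guarantee. The dry-run interpreter handles only the opcodes this builder emits, so it is a check on this policy, not a general BPF verifier.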
And, as a sign that Google is not underestimating attackers’ ability to find ways to exploit or bypass the protections already in place, the Android Security team is already working on:
- Improvements to existing defenses (further sandbox tightening)
- Completely new ones (runtime and compiler defenses for the upstream kernel), as well as
- Projects that will ultimately help them with the bug hunting process.
I don’t know about you, but for me it’s always good to hear about the concrete measures the manufacturers of the devices we use daily are taking to protect us.