Google has published the mechanisms it uses to harden the Linux kernel that ships in Android. According to Google, Android depends on the kernel to enforce its security model, so a kernel compromise undermines every protection layered above it.
The mechanisms can be grouped into two separate categories: memory protections and attack surface reduction.
“One of the major security features provided by the kernel is memory protection for user-space processes in the form of address space separation,” wrote Jeff Vander Stoep, Android security team member, in a blog post. “Unlike user-space processes, the kernel’s various tasks live within one address space, and a vulnerability anywhere in the kernel can potentially impact unrelated portions of the system’s memory. Kernel memory protections are designed to maintain the integrity of the kernel in spite of vulnerabilities.”
Android’s memory protection mechanisms include marking memory as read-only/no-execute, restricting kernel access to user space, and improving protection against stack buffer overflows.
Attack surface reduction aims to shrink the amount of kernel code an unprivileged process can reach without breaking the functionality that remains. “Reducing attack surface can include removing code, removing access to entry points, or selectively exposing features,” Vander Stoep wrote.
Such mechanisms include removing default access to debug features, restricting app access to ioctl commands, and requiring seccomp-bpf.
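The last two items fit together: a seccomp-bpf filter can decide on both the syscall number and its arguments, so it can confine ioctl() to a known set of request codes. The following C program is an added illustration, not code from Google's post or from Android; the policy (only TCGETS passes through ioctl), the SECCOMP_AUDIT_ARCH macro and the helper names are this example's own assumptions.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#endif
#define ARG_OFF(n) (offsetof(struct seccomp_data, args) + (n) * sizeof(__u64))
/* Constructed policy: ioctl() may carry only TCGETS; other requests get EPERM, other syscalls pass. */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),           /* foreign ABI: kill */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3), /* not ioctl: allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_OFF(1)),        /* low 32 bits of request */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TCGETS, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof filter / sizeof filter[0])
/* Interpreter for the three instruction forms used above, so the policy can be checked before enforcing. */
__u32 run_filter(const struct seccomp_data *d) {
    __u32 acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN; pc++) {
        const struct sock_filter *in = &filter[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (const char *)d + in->k, sizeof acc);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += acc == in->k ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K)) return in->k;
    }
    return SECCOMP_RET_KILL; /* ran off the end: fail closed */
}
/* Verdict for syscall `nr` whose second argument (ioctl's request code) is `arg1`. */
__u32 decide(int nr, __u64 arg1) {
    struct seccomp_data d = { .nr = nr, .arch = SECCOMP_AUDIT_ARCH, .args = { 0, arg1 } };
    return run_filter(&d);
}
/* Enforce for the calling thread; no_new_privs keeps the filter from being shed via setuid. */
int install_ioctl_filter(void) {
    struct sock_fprog prog = { .len = FILTER_LEN, .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Once installed, the kernel returns EPERM for any ioctl request other than TCGETS, so a driver's ioctl handler is never reached with an unexpected command.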