1 WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion in the number of connected devices, security attacks can now be launched from anywhere, targeting any place. Securing mobile devices is crucial because the same capabilities that increase our social interactions and business effectiveness can be subverted and used for unintended and unapproved uses. As a widely deployed and robust open source platform, Android provides the ideal foundation for the integration of appropriate security controls for personal and business device protection as well as high-assurance and battlefield use cases. Wind River has combined our extensive experience in commercial Android with our capabilities in secure certified embedded systems to develop an advanced security strategy for Android platforms that also ensures compatibility with the commercial Android development model. This comprehensive strategy includes attack detection and prevention, device integrity, isolation techniques, and infrastructure security to protect data and devices from multiple threat vectors. Wind River Android Security Strategy Attack Detection and Prevention Device Integrity Isolation SE Android with enhancements Selective permissions Pre-install filter Secure boot Secure firmware management Cryptography Lightweight partitioning Hypervisor Infrastructure Security Secure Android Deployment Mobile device management Integrity and attestation Forensics Testing and Android compliance Certification and validation Audit Security Brief INNOVATORS START HERE.
2 ATTACK DETECTION AND PREVENTION Security threats against Android-based devices are extensive and include unauthorized access, data and device destruction, information disclosure, modification of information, and denial of service. Security Enhanced (SE) Android identifies and addresses critical gaps in the security of Android. Released by the National Security Agency (NSA), it consists of Linux kernel and Android user space modifications. Wind River enhances SE Android by implementing additional features to remove vulnerabilities and allow more specialized policy for a given use case, including the following: Semi-custom policy for downloaded applications Restricted privileges as demanded by most enterprises and IT organizations Code extensions to support standard Android drivers Initial security policies with Android Compatibility Test Suite (CTS) and Wind River Test Management for Android SE Android was released with a reference implementation to open source, and the Wind River enhancements fill the gaps between that release and the requirements of a commercial product. Further precautions can be implemented with deployment of pre-install filters managed by customizable policy to inspect software installation requirements and disallow installation of applications requiring access to restricted device capabilities like cameras, network access, or recording features. DEVICE INTEGRITY Mobile device software stacks consist of many layers of software, from low-level boot firmware through operating system kernels, system services, middleware, and applications. Attackers can exploit vulnerabilities in any of these areas to turn a threat into a successful attack. Secure boot provides the foundation of security by verifying each stage of the boot process before it is executed. This mechanism allows only authenticated software and prevents malicious code from being executed. Secure boot implements a chain of trust in which every component in the boot process measures the next one; if any component fails to pass signature verification, the boot process will respond appropriately. Secure Android firmware management is integrated with secure boot and provides additional protection with error tolerance for power off, low battery, corrupt package, and memory error, as well as policy that allows only authorized and signed update packages to access the device. Integrity mechanisms require robust cryptography features to ensure digital signatures and other protections are appropriately verified. Robust cryptography is not only essential to support integrity verification, it is also essential to fully protect data, software, device access, and communications. 2 Security Brief
3 ISOLATION Android is designed for a single domain where installed applications share system resources, limiting its flexibility for reusing the device for multiple purposes that span multiple domains or multiple users. Some existing multi-domain solutions rely on virtualization, with guests corresponding to different protected domains, typically causing significant overhead and complications whenever there is a need to share hardware resources. Lightweight partitioning (LWP) is a security isolation strategy that provides multiple encrypted partitions, keeping information safe and secure between them. For example, a project team sharing a tablet can set up multiple users, or one partition can be set up to secure personal information and another to secure corporate information. LWP protects data from leaking across partitions so that secure applications and data can be kept separate (isolated) from other partitions. Partition Transition Reinitialize Authenticate Decrypt Android Partition 1 Android Partition 2 Android Partition N Hardware Figure 1: Lightweight partitioning For more concurrent partitioning, Wind River delivers virtualization for Android with a type 1 real-time embedded hypervisor, providing a virtualization layer that partitions a single- or multi-core chip into multiple partitions with varying levels of protection and capabilities. With a small footprint and high performance, Wind River Hypervisor offers all the benefits of embedded virtualization for Android: A faster and more reliable virtualization environment Lightweight and easy configuration and deployment on complex devices Secure environment separation between different operating systems, components, and applications 3 Security Brief
4 Android Partition 1 Android Partition N Device Securtiy Partition I/O Partition Device Attestation Device Audit Services Device Sanitation Services Guard/Filter I/0 Servers and Middleware I/0 Drivers Guest OS Guest OS Hypervisor Hardware Figure 2: Hypervisor isolation approach INFRASTRUCTURE SECURITY A comprehensive Android security strategy needs to address operation of the device within a greater networked system. Mobile device management (MDM) systems deliver important security features such as Android firmware distribution, security policy distribution, device inventory, and remote lock and wipe to stolen devices. These MDM capabilities ensure that system threat detection and prevention goals can be achieved. Wind River has implemented a lightweight MDM system that can be used to enhance control of the Android device, consisting of both server and client components. If you have an existing MDM system, the client portion is easily adaptable to connect to your in-house or third-party MDM solution. Authentication and identification are key security capabilities with a broad set of features and overlapping functionality. One aspect of authentication and identification protects the resources on the device by allowing access only to known users with physical access to the device; users who cannot demonstrate that they are valid users must not be allowed access to the resources of the device. Another aspect protects the resources on the device by allowing access only to known remote systems; a device must not perform MDM actions unless it can be assured that the MDM server is the one it claims to be. A third aspect of authentication and identification protects the resources on a remote server or system from a compromised device; the device must authenticate to the remote server that it is the one it claims to be and that the user has the proper credentials to access the remote system s resources. To better support system security, measurement and attestation should be added to the secure boot process at startup to take a measurement of code and state and provide evidence of authenticity. These actions are repeated periodically during device operation, and results are reported back to the enterprise management system. 4 Security Brief
5 WIND RIVER ANDROID AND SECURITY EXPERIENCE Founding member of the Open Handset Alliance (OHA) Original Google commercialization partner 100+ Android projects since 2007 Contributor to the U.S. National Security Agency s SE Android project FIPS certified cryptography Common Criteria certification Wurldtech s Achilles certification SECURE ANDROID DEPLOYMENT Adding advanced security capability to Android devices while still maintaining conformance to the Android development model introduces increased complexities for testing, validation, and certification of these devices. Wind River offers a complete automated test environment, Wind River Test Management for Android, to prove compliance with Google s Android Compatibility Test Suite (CTS), measure performance, and ensure the stability of devices running Android. Test Management for Android incorporates existing tests and test frameworks, and includes compliance test suites that can all be extended to support certification and validation processes. Communication Channel (Including Power Supply Control) Android Device Wind River Test Management for Android Wind River UX Test Development Kit for Android Monkey Tool Tests Alarm Camera Media Player Browser Clock Messaging Calculator Contacts Phone Calendar Settings Run-Time Drivers Open Source Tests/Tools Wind River Test Suites/Tools Device Management Engine (DME) TETware Stress Tests Instrumentation Tests Standard Android Compatibility Test Suite (CTS) Wind River Android Device Characterization Suite (ADCS) Bluetooth Location Stability Camera Media Transfer Graphics SMS Wi-Fi Optimized CTS Wind River Hardware Abstraction Layer (HAL) Suite Audio Flashlight Lights Sensors Battery Framebuffer Power Management Touchscreen Bluetooth GPS RIL Vibrator Camera Keyboard RTC Wi-Fi LTP IOZone IPerf Figure 3: Wind River Test Management for Android Certification and validation of secure devices is assured and expedited by comprehensive tool suites managed by expert security resources. Wind River Professional Services can support medium- to high-assurance certification efforts for secure Android platforms, as well as auditing and forensic activities and requirements. WIND RIVER SECURE MOBILITY VISION The challenge of securing the Android commercial capability and mobile platform requires endto-end system threat assessment and incorporation of embedded device strategies to effectively thwart cyberattacks and maintain secure communications. Wind River takes a holistic approach that includes threat and risk assessment services; technology solutions that counter security threats yet still deliver the benefits of commercial mobile platforms; and testing and verification frameworks that enable secure devices to be quickly verified, approved, and deployed. Wind River is a world leader in embedded and mobile software. Wind River has been pioneering computing inside embedded devices since 1981, and its technology is found in more than 1 billion products. Wind River is headquartered in Alameda, California, with offices in more than 20 countries. To learn more, visit Wind River at Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems, Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 11/2012
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
AT&T Synaptic Hosting SM Service Security Overview A Look at AT&T s Protective Measures to Enable Your Business Success AT&T follows high security standards to help protect customers from the risks and
Mobile Security Reference Architecture May 23, 2013 Product of the Federal CIO Council and Department of Homeland Security National Protection and Program Directorate Office of Cybersecurity and Communications
Flyer 1 Meet evolving enterprise mobility challenges with Samsung KNOX Solve today s dynamic enterprise mobility demands with the right solution platform Enterprise Mobility Trends The growth of enterprise
Kony Write Once, Run Everywhere Mobile Technology WHITE PAPER July 2012 Meeting the BYOD challenge with next-generation application and device management Overview... 3 The Challenge... 4 MAM Functions...
1 MOBILITY IN FINANCIAL SERVICES A Checklist Towards Regulatory Compliance Whitepaper Whitepaper Brochure 2 A Checklist Towards Regulatory Compliance Like business leaders in every industry, decision makers
The Future of Mobile Enterprise Security Gearing Up for Ubiquitous Computing August 2014 795 Folsom Street, 1 st Floor San Francisco, CA 94107 Tel.: 415.685.3392 Fax: 415.373.3892 Contents Introduction...
Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW
G DATA TechPaper #0273 Mobile Device Management G DATA Application Development TechPaper_#0273_2015_04_21 Contents 1. 2. 3. 4. Introduction... 3 Mobile devices in the enterprise... 3 2.1. Benefits... 4
APPLICATION SECURITY OVERVIEW Users have access to additional layers of security that are controlled and determined by the company s ICE administrator. These are designed to ensure company policies are
Next Generation Cloud Computing Issues and Solutions Jeon SeungHwan 1, Yvette E. Gelogo 1 and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeong-dong, Daeduk-gu, Daejeon,
Security Management Considerations for Mobile Devices Brian Davis Security Management Considerations for Mobile Devices P a g e 1 Mobile devices have been in existence for many years now. This class of
Protect what you value. Virtualization and Risk: Key Security Considerations for Your Enterprise Architecture Taking a structured and systematic view of the impact of hardware virtualization on IT risk
Kaseya White Paper Managing the Complexity of Today s Hybrid IT Environments There are many factors driving the increasing complexity of IT today. The rapid adoption of cloud computing, big data and mobile
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
Checklist to Assess Security in IT Contracts Federal Agencies that outsource or contract IT services or solutions must determine if security is adequate in existing and new contracts. Executive Summary
white paper 10 Things You Need to Know Best Practices for Securing Your Enterprise: In today s global economy, businesses depend on the Internet like never before -- enterprises are increasingly conducting
Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations Leveraging Configuration and Vulnerability Analysis for Critical Assets and Infrastructure May 2015 (Revision 2) Table of
IT@Intel White Paper Intel IT IT Best Practices Cloud Computing and Information Security January 2012 Virtualizing High-Security Servers in a Private Cloud Executive Overview Our HTZ architecture and design
Cyber Security Intel Corporation U.S. Executive Order 13636 and Critical Security Capabilities to Consider White Paper Authors Amit Agrawal (Security Strategist, Intel) Jack Lawson (Director - Security,
Swiftly Deploy Private and Hybrid Clouds with a Single Pane of Glass View into Cloud Infrastructure Enable Fast, Easy, and Robust Cloud Computing with RightScale and Eucalyptus Overview As organizations
CMSGu2013-02 Mauritian Computer Emergency Response Team Enhancing Cyber Security in Mauritius Guideline on Mobile Devices Security (Updated) National Computer Board Mauritius Version 2.0 May 2013 Issue
A Trend Micro White Paper April 2014 PCI DSS 3.0 Compliance How Trend Micro Cloud and Data Center Security Solutions Can Help INTRODUCTION Merchants and service providers that process credit card payments
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
In this White Paper Connectivity is good. Secure connectivity is essential. This white paper by Thales UK explains how Thales Gateway Services protect the exchange of data across security domains. It discusses