SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

Abstract: The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control to the system through the SELinux security policy at the kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit the Linux kernel vulnerability of privilege escalation to modify the SELinux security labels of the process arbitrarily to obtain the desired permissions and undermine system security. Ther… Show more

“…Whereas, dynamic analysis helps to detect and prevent indirect information flow at runtime. [31] proposed an optimization scheme for SELinux mechanism based on security label randomization. At Android runtime, the system randomizes the security label mapping inside and outside the kernel to protect the privileged security labels of the system from being illegally obtained and tampered by attackers.…”

SELinux-based operating system security research

“…Whereas, dynamic analysis helps to detect and prevent indirect information flow at runtime. [31] proposed an optimization scheme for SELinux mechanism based on security label randomization. At Android runtime, the system randomizes the security label mapping inside and outside the kernel to protect the privileged security labels of the system from being illegally obtained and tampered by attackers.…”

SELinux-based operating system security research

Agile Approach on the Performance Prediction of ARM TrustZone-based Mandatory Access Control Security Enhancement

SPRT: Automatically Adjusting SELinux Policy for Vulnerability Mitigation