As Android devices and technologies continue to evolve, the embedded Android market faces a growing need for stronger security capabilities. Drawing on our deep experience in the embedded market and with Android, Wind River® provides vital security capabilities on top of the Android Open Source Project to cover a broad spectrum of silicon architectures and vertical markets such as aerospace and defense, automotive, industrial, medical, consumer, and enterprise devices.
Enhanced Policy Control and Management with Security Enhanced Android
Security Enhanced (SE) Android is a project to identify and address critical security gaps within Android. Released by the National Security Agency (NSA), SE Android consists of modifications to the Linux kernel and the Android user space.
Wind River Solution Accelerator for SE Android enhances SE Android by implementing additional features to remove vulnerabilities and allow more specialized policy control for the following use cases:
- Customized policies allowing flexibility for specific usage models (e.g., downloaded applications), environments (for OEMs, MDMs, corporate enterprise, or government), and security requirements
- Extended protection for Android shared memory driver (Ashmem) and Mandatory Access Control (MAC)
- Additional policy management capabilities required by most enterprises and IT organizations to confine flawed or malicious applications
Encrypted Data Protection Through Isolation
As an operating system, Android is designed for a single domain where any installed application equally shares system resources, limiting the flexibility of the device for multiple purposes beyond a standard consumer phone or tablet.
Wind River Solution Accelerator for Android, Lightweight Partitioning is a security isolation strategy that provides:
- Unlimited number of domains (limited only by the storage capability of the device)
- Data protection for inactive domains using strong disk encryption; each partition is uniquely encrypted
- Separate security policies and application access per domain; for example, a single device could have highly restrictive features and limitations to protect data in work or military mode, but also be used in a personal mode with the openness of a consumer device while safely protecting work data, applications, and network access from being accessed or compromised
Securing the Boot Stage Processes
Wind River Solution Accelerator for Android, Secure Boot provides the foundation of security by verifying each stage of the boot process before the stage is executed.
This mechanism allows only authenticated software to execute and prevents malicious code from running. In addition, secure boot implements a chain of trust in which every component in the boot process measures the next one; if any component fails to pass signature verification, the boot process will stop.
- Designed and tested to limit overhead that would impact performance
- Does not impact compliance with Android Compatibility Test Suite (CTS)