Moses,
I think my requirements were a little muddled when I was describing the
security mechanism I'm looking for. I'm not trying to create secure
storage on the SDcard. Rather, I'm looking for one file system that is
accessed by both Android applications and the PC, but still isolates
Android applications. That is, if AppA writes FileA, the default
permissions keep AppB from access it. However, when the phone is mounted
on a PC, the user can access FileA.
Correct me if I'm wrong, but I don't think any of your solution provide
that functionality.
Thanks,
-Will
Moses Roses wrote:
Hi,
Basically is to create a partition which supports a stronger enabled FS.
The 2 options I know of are : virtual disk via device mapper and real
partition (FAT & EXT3)
More elaboration on the methods:
It is possible to have a virtual drive on the FAT, namely, you have one
file on the FAT and that found is mounted (via device mapper) as a file
system, meaning that you can have full yaffs2 or any other type of
supported FS by the kerne. If you will use encrypted FS(dm-crypt), it
will protected the visibility of file when mounted onto PC.
You need to make sure that the kernel supports device mapper, and make
sure that on the initial mounting table the new partition appears.
A different method could be 2 partitions, one is FAT and the other any
FS you want that the linux supports. For this method you can use simple
tools such as gparted to do that.
Good Luck,
Moses
On Mon, Aug 3, 2009 at 11:24 PM, William Enck <[email protected]
<mailto:[email protected]>> wrote:
Luis,
You might look into a suitable way of securing data on the SDcard.
It's a FAT file system, so you can't use UNIX permissions to
restrict applications. Officially, nothing sensitive is supposed to
be placed on the SDcard. However, there are some situations (at
least in my research) where it would be nice to show through some
sort of analysis that two applications truly are isolated and can't
share data, even through the SDcard.
The difficulty is that the SDcard needs to be FAT, because the PC
mounts it. I read on one of the Android mailing lists a while back
that there is a desire not to make kernel modifications to support
such isolation. That may, or may not, be a requirement for you.
This leaves the question of how to add security to the SDcard in
such a way that it still allows the user to access all of the files
when mounted on a PC.
I've tried to get some Masters students here at Penn State to look
at the problem, but no one bit (yet). It's not a particularly deep
research problem, but it's something I'd like to see a good solution
for. Part of your evaluation should look at how existing
applications use the SDcard and whether or not your solution breaks
these applications. Theoretically, Content Providers should be used,
but this might not always be the case.
Best,
-Will
Luis wrote:
Hi all,
I am looking to contribute to Android security and at the same time
write my thesis.
I have experience in C++ programming as well as other languages; and
also in coporate security management.
Any ideas of topics where I could help?
Luis
