Maybe http://android-keystore-v2.webpki.org could be of some interest?
Associated "goodies" on:
http://groups.google.com/group/android-security-discuss/browse_thread/thread/5025fd3157c32a78
I'm pretty sure that Google have no plans in this direction :-)
Anders
Moses Roses wrote:
Will,
The encryption is just an additional capability you can have once you
have a virtual partition.
As for having ext2/3 FS on microSD, well, you can use many freeware
addons for windows that can read it.
Or...use a Samba server on Android to access the partition as a
"shared directory".
This way internally you have a FS which supports all the permissions
needed for isolation just as in internal memory, and a server which
provides good interoperability between linux-like platform to a
windows PC. The server gives another control mechanism for what you
want to expose to the PC (which is even better than the current
situation).
If you want to read the MicroSD directly via a card reader - you will
need the addon freewares (just google a bit).
I hope that helps...
Moses
On Thu, Aug 6, 2009 at 2:44 AM, William Enck <[email protected]
<mailto:[email protected]>> wrote:
Moses,
I think my requirements were a little muddled when I was
describing the security mechanism I'm looking for. I'm not trying
to create secure storage on the SDcard. Rather, I'm looking for
one file system that is accessed by both Android applications and
the PC, but still isolates Android applications. That is, if AppA
writes FileA, the default permissions keep AppB from access it.
However, when the phone is mounted on a PC, the user can access FileA.
Correct me if I'm wrong, but I don't think any of your solution
provide that functionality.
Thanks,
-Will
Moses Roses wrote:
Hi,
Basically is to create a partition which supports a stronger
enabled FS. The 2 options I know of are : virtual disk via
device mapper and real partition (FAT & EXT3)
More elaboration on the methods:
It is possible to have a virtual drive on the FAT, namely, you
have one file on the FAT and that found is mounted (via device
mapper) as a file system, meaning that you can have full
yaffs2 or any other type of supported FS by the kerne. If you
will use encrypted FS(dm-crypt), it will protected the
visibility of file when mounted onto PC.
You need to make sure that the kernel supports device mapper,
and make sure that on the initial mounting table the new
partition appears.
A different method could be 2 partitions, one is FAT and the
other any FS you want that the linux supports. For this method
you can use simple tools such as gparted to do that.
Good Luck,
Moses
On Mon, Aug 3, 2009 at 11:24 PM, William Enck
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
Luis,
You might look into a suitable way of securing data on the
SDcard.
It's a FAT file system, so you can't use UNIX permissions to
restrict applications. Officially, nothing sensitive is
supposed to
be placed on the SDcard. However, there are some situations (at
least in my research) where it would be nice to show
through some
sort of analysis that two applications truly are isolated
and can't
share data, even through the SDcard.
The difficulty is that the SDcard needs to be FAT, because
the PC
mounts it. I read on one of the Android mailing lists a
while back
that there is a desire not to make kernel modifications to
support
such isolation. That may, or may not, be a requirement for you.
This leaves the question of how to add security to the
SDcard in
such a way that it still allows the user to access all of
the files
when mounted on a PC.
I've tried to get some Masters students here at Penn State
to look
at the problem, but no one bit (yet). It's not a
particularly deep
research problem, but it's something I'd like to see a good
solution
for. Part of your evaluation should look at how existing
applications use the SDcard and whether or not your
solution breaks
these applications. Theoretically, Content Providers should
be used,
but this might not always be the case.
Best,
-Will
Luis wrote:
Hi all,
I am looking to contribute to Android security and at
the same time
write my thesis.
I have experience in C++ programming as well as other
languages; and
also in coporate security management.
Any ideas of topics where I could help?
Luis
