SBIR-STTR Award

The DoD and IC trusted desktop programs have typically been limited to small, fixed numbers of domains due to having to run multiple instances of Microsoft Windows. The next frontier for the DoD and IC is mobile devices, and in this context, Android (and more specifically, SEAndroid) can support Mandatory Access Control separation mechanisms in the core OS via SEAndroid security policies, without relying on micro virtualization techniques in an untrusted OS. This proposal focuses on leveraging SEAndroid policies to enable secure process and app separation in large populations of mobile devices, including research on the best management methodologies and enterprise integration requirements. SEAndroid-based domains could enable better agility for Communities of Interest without compromising on information assurance, and would also allow better isolation of untrusted applications that might contain malware.

Benefit:
DroidCloud is an enterprise software company with its technology installed in the DOD, intelligence community and Fortune 100. The agile SEAndroid domain techniques developed in this research effort would be directly transitioned into DroidCloud's Commercial Off The Shelf platform, improving cyber security for both its US Government and commercial customers.

Keywords:
Virtualization, SEAn

Given NSAs MCP requirements for no data at rest, VMI will prove critical to enabling access to mobile apps on classified networks, and VMI can also enable working from personally owned end points under teleworking policies. Desktop thin client technology is already employed by the AF on both classified and unclassified networks a mobile equivalent is the natural next step. SEAndroid policy integration will help to ensure the integrity of these remote mobile application environments. We will develop a working system leveraging Security Enhanced Android in a VMI platform to demonstrate a flexible and extensible model for process level separation. The work shall be integrated into Hyporis Commercial Off The Shelf (COTS) product, its Android Cloud Environment (ACE) platform. A lab bench demonstration shall signify meeting this objective and completion (finished). VMI solves the problem of enabling mobile apps in highly secure environments, such as classified networks, ensuring compliance with NSAs Mobility Capability Package (MCP) thin client architecture. This project addresses the security problem of running different sets of mobile apps with robust separation between the sets. Hypori will assure the proper handling of information from cradle to grave by leveraging process level virtualization throughout the information life cycle.;

Benefit:
This solution will allow process level separation in Android, enabling communities of interest to leverage compartments to have different data sets accessible from a single OS. The project will also provide more fine grained access controls for apps interacting with sensors in the operating system, dealing with apps that request unnecessarily broad sensor access rights. The technology will be integrated into the commercial software platform from Hypori (formerly DroidCloud), and will be made available to all is customers across the US government and commercial sectors.