Abstract
Virtualization is used in various environments such as cloud and network, but it was difficult to utilize it in mobile devices due to computing resource problems. Technology such as containers that are faster and lighter than traditional hypervisor-based virtualization is being developed. In this paper, we implemented three virtualization technologies in the Android framework: hypervisor-based virtual machine, lightweight hypervisor-based virtual machine, and container. In the process of implementation, we created and applied the SEAndroid policy for each virtualization technology. In addition, we measured performance by considering the boot time for the implemented virtual instance. As a result of empirical experiments, the container showed the best performance, but it showed a problem with the compatibility of security function SEAndroid. The lightweight hypervisor technology shows faster performance than the legacy one and also provides safety by an additional kernel.
This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government(MSIT) (No. 2019-0-00477, Development of android security framework technology using virtualized trusted execution environment).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Averlant, G.: Multi-level isolation for android applications. In: 2017 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 128–131. IEEE (2017)
Bellard, F.: Qemu, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track. vol. 41, p. 46 (2005)
Bornstein, D.: Dalvik vm internals. Google I/O developer Conference 23, 17–30 (2008)
Chau, N.T., Jung, S.: Dynamic analysis with android container: challenges and opportunities. Digital Investigation 27, 38–46 (2018)
Chen, L., Zhang, C.: Design and implement of binder extension model based on android inter-process communication. J. Xi’an Univ. Posts and Telecommun. 3 (2013)
Dall, C., Nieh, J.: Kvm/arm: the design and implementation of the linux arm hypervisor. ACM Sigplan Notices 49(4), 333–348 (2014)
Felter, W., Ferreira, A., Rajamony, R., Rubio, J.: An updated performance comparison of virtual machines and linux containers. In: 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), pp. 171–172. IEEE (2015)
Goto, Y.: Kernel-based virtual machine technology. Fujitsu Sci. Techn. J. 47(3), 362–368 (2011)
Gudeth, K., Pirretti, M., Hoeper, K., Buskey, R.: Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors. In: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pp. 33–38 (2011)
Hertz, J.: Abusing privileged and unprivileged linux containers. Whitepaper, NCC Group 48 (2016)
Horsch, J., Huber, M., Wessel, S.: Transcrypt: Transparent main memory encryption using a minimal arm hypervisor. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 152–161. IEEE (2017)
Hua, Z., Gu, J., Xia, Y., Chen, H., Zang, B., Guan, H.: vtz: Virtualizing \(\{\)ARM\(\}\) trustzone. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 541–556 (2017)
Huang, J.: Android IPC mechanism. Southern Taiwan University of Technology (2012)
Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A measurement study on linux container security: attacks and countermeasures. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 418–429 (2018)
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. In: USENIX Annual Technical Conference, FREENIX Track, pp. 29–42 (2001)
Nguyen-Vu, L., Chau, N.T., Kang, S., Jung, S.: Android rooting: an arms race between evasion and detection. Secur. Commun. Netw. 2017 (2017)
Randazzo, A., Tinnirello, I.: Kata containers: An emerging architecture for enabling mec services in fast and secure way. In: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), pp. 209–214. IEEE (2019)
Shanker, A., Lai, S.: Android porting concepts. In: 2011 3rd International Conference on Electronics Computer Technology, vol. 5, pp. 129–133. IEEE (2011)
Shen, D., Li, Z., Su, X., Ma, J., Deng, R.: Tinyvisor: an extensible secure framework on android platforms. Comput. Secur. 72, 145–162 (2018)
Smalley, S., Craig, R.: Security enhanced (se) android: bringing flexible mac to android. NDSS 310, 20–38 (2013)
Sun, Y., Safford, D., Zohar, M., Pendarakis, D., Gu, Z., Jaeger, T.: Security namespace: making linux security frameworks available to containers. In: 27th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 18), pp. 1423–1439 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yoon, J., Ngoc, T.C., Huy, H.N., Jung, S. (2020). Virtualization Technologies in the Android Framework and Compatibility with SEAndroid. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science(), vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-65299-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65298-2
Online ISBN: 978-3-030-65299-9
eBook Packages: Computer ScienceComputer Science (R0)