Integration of Effective Defenses against One-Day Exploits in Android Kernels

DeletedUser98

A recent study, presented at the 33rd USENIX Security Symposium, is researching the security of kernels of Android phones. As a quick conclusion: the security of most phones kernels is not in a good shape.

What is the GrapheneOS delevopers stance on this? How would GrapheneOS be affacted from those issues?

https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf

Edit: Seems to be impossible to fix that missing character in the title.

de0u

DeletedUser98 https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf

I skimmed it.

Understandably but unfortunately, they examined official vendor kernels, e.g., Google, Samsung, Huawei, OnePlus, Motorola, etc. (vendor table on page 4528), so the results don't directly apply to GrapheneOS.

Some of the mitigations discussed in the paper are similar to things the GrapheneOS project has been doing for a long time (e.g., GrapheneOS has spent a lot of time on hardening both the kernel and user-space malloc implementations).

Charmingly, the paper rates Fairphone at the bottom of their vendor kernel security scoring.

Perhaps a member of the GrapheneOS team will comment, but my hunch is that the GrapheneOS kernel is more hardened than Google's. As the paper discusses, there are security-vs.-performance tradeoffs in some cases, and vendors who want to do well in terms of user-experience benchmarks appear to "tune" some of the mitigations toward performance in some cases.

Overall: that paper is not directly applicable to GrapheneOS. Linux kernels are large and complicated. "Large" and "complicated" are serious obstacles to security, so doubtless the GrapheneOS kernel contains security bugs! But based on the mitigations discussed and suggested in that paper, and my (non-expert) understanding of the mitigations deployed in GrapheneOS kernels, to me this paper reads as good news.