Google has begun working on firmware-level enhancements to further improve the security of Android. The firmware level is a key component of the system stack that interacts directly with the various processors in the system-on-chip (SoC).
Google plans to extend the security settings of Android devices to other processors in the SoC, specializing in tasks such as cellular communications, media processing or security modules.
Google said it is working with partners in the Android ecosystem to work together to improve the security of Android firmware and explore a variety of protection mechanisms.
Compiler-based cleanup procedures :
Detect memory security issues that lead to security vulnerabilities or crashes during the code compilation phase. Google mentions BoundSan and IntSan.
Vulnerability mitigation measures.
Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack, and Stack Canaries
Memory Security Features.
Prevents buffer overflows, post-user-release attacks, and null pointer dereferences, among other errors. Google refers to the “zero-initialized” mechanism, which zeroes out the memory value before the program accesses the allocated space, so it does not contain previously used random data.
Google said that by optimizing how and where the mitigation measures are activated, the impact on Android functionality, performance and system stability can be minimized.
