Obama administration aims for bottom-up approach to creating global standards for protection of IT and critical infrastructure.
Since last year, the National Institute of Standards and Technology and George Mason University, in Fairfax, Va., have been building the foundation on which future Google AndroidÂbased tablets might be used by the government.
“We had to take a commercial smartphone and re-engineer it,” says Jeff Voas, a NIST computer scientist on the project. NIST and George Mason settled on Android because it’s an open platform that they could rebuild and tailor to their security requirements. “And we’ve done nothing that restricts this technology from moving to Android tablets,” Voas adds.
The result is a mobile operating system that is a hardened version of the original Android OS. It has been tailored to the security requirements of agencies without rendering the hardware device unusable. Too much security can have an adverse effect on performance and user experience, Voas says, so engineers focused on minimizing other resource hogs, including the device’s screen and its wireless radio.
“You can disallow an app from continuously monitoring the wireless connection or leaving the screen on too long,” he says.
As part of the program, NIST engineers also are working with partners to create an app-testing portal where independent developers can submit software to be thoroughly vetted by NIST and George Mason. “NIST requires source code for testing; GMU can test Android binaries,” Voas says.
Between them, NIST and George Mason have pored over about 130,000 Android apps, he says. “And as long as Android is the underlying system for future tablet platforms, we can support them with a just few tweaks when a new device becomes available.”