Are there any efforts to develop a Dalvik VM with extra/embedded security in mind?
I am looking in to adding some extra security features to the Android platform and most of them make sense at the OS level. However, I am wondering if anything could be done at the VM layer to better sandbox the data and code.
Examples (not necessarily suited to the VM) would be:
- Encrypted memory management (RAM)
- Limited access to system calls and native code
- Support for encrypted file systems
Again, I know that this stuff should probably be implemented at the Linux level, but I am brainstorming ideas that could be implemented cleanly at the VM level.
Any ideas? Any work already available?
Android's security model limits access to storage, Internet, sensors etc. on an app-by-app basis. Apps are run in sandboxes and must be granted explicit permission (usually at install time) to access resources. This is done at the process level, and not in the Dalvik VM. From the security model doc,
"The kernel is solely responsible for sandboxing applications from each other. In particular the Dalvik VM is not a security boundary, and any app can run native code (see the Android NDK). All types of applications — Java, native, and hybrid — are sandboxed in the same way and have the same degree of security from each other."
Encrypted file systems are available starting in Android 3.0.