Mobile phones have evolved from simple voice terminals into highly-capable, general-purpose computing platforms. While people are becoming increasingly more dependent on such devices to perform sensitive operations, protect secret data, and be available for emergency use, it is clear that phone operating systems are not ready to become mission-critical systems. Through a pair of vulnerabilities and a simulated attack on a cellular network, we demonstrate that there are a myriad of unmanaged mechanisms on mobile phones, and that control of these mechanisms is vital to achieving reliable use. Through such vectors, mobile phones introduce a variety of new threats to their own applications and the telecommunications infrastructure itself. In this paper, we examine the requirements for providing effective mediation and access control for mobile phones. We then discuss the convergence of cellular networks with the Internet and its impact on effective resource management and quality of service. Based on these results, we argue for user devices that enable predictable behavior in a network, where their trusted computing bases can protect key applications and create predictable network impact.
In this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging ubiquitous environment, many devices run software whose access permissions depend on multiple stakeholders, such as the device owner, the service provider, the application owner, etc., rather than a single system administrator. However, current access control administration remains as either discretionary, allowing the running and perhaps compromised process to administer, or mandatory, requiring all permissions to be known by load-time. A key problem is that users may download arbitrary programs to their devices, requiring that the system contain such programs while allowing some reasonable functionality. However, such programs may need access to resources that can lead to attacks, such as implementing voice-over-IP calls, but that may also be needed for benign operations. In our approach, we use a "soft" sandboxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. We define a proxy policy server that caches and combines stakeholder policies to make such access decisions. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server, although a local proxy policy server is also possible. We incur a 0.288 µs performance overhead only when stakeholders need to be consulted, and new permissions are cached.
Summary: Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendors' application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how we can justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux policy can be reduced in size by 90% (although even more reduction should ultimately be possible), enabling practical system integrity with a desirable usability model.
SUMMARY: Simultaneous observations of space correlations and time correlations verify that Taylor's hypothesis x = Ut is valid for intervals up to at least 90 m, and for relative intensities of turbulence at least up to 0.26. It is also shown that, when the stratification is stable, the longitudinal scale of turbulence tends to be much larger along the flow than across it. In an unstable layer, the scale is of the same order of magnitude in all directions.