Measuring integrity on mobile phone systems

Muthukumaran, Divya; Sawani, Anuj; Schiffman, Joshua; Jung, Brian M.; Jaeger, Trent

doi:10.1145/1377836.1377862

Cited by 55 publications

(32 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditional integrity models are not efficient and flexible under these scenarios. For example, LOMAC [20], UMIP [23], and CWlite [25] require a process dynamically downgrade its security level whenever it accesses low integrity objects or receives inputs from low integrity processes. However, the process needs to re-start whenever it needs to access high integrity objects later, which is not efficient for mobile devices.…”

Section: Secure Runtimementioning

confidence: 99%

“…However, directly porting this to mobile devices is not practical due to its high computation overhead during booting and runtime. PRIMA [25] leverages the CW-lite information flow control to maintain a process's integrity, where particular interfaces of the process filter low integrity information when received by this process. However, identifying filtering interfaces in many service processes (daemons) on a mobile phone is not a easy task, especially many of them come from different software vendors, e.g., network carrier, device manufacturer, and third party service providers.…”

Section: Related Workmentioning

confidence: 99%

“…However, identifying filtering interfaces in many service processes (daemons) on a mobile phone is not a easy task, especially many of them come from different software vendors, e.g., network carrier, device manufacturer, and third party service providers. Also, PRIMA still has more than 200 measurements on an Openmoko phone device [25].…”

Section: Related Workmentioning

confidence: 99%

“…The measurements take long time during boot and introduces significant performance delay during runtime. PRIMA [25] extends IMA on mobile phone devices and simplifies the integrity measurements. However it still has more than 200 measurements on an Openmoko phone device [25].…”

Section: Introductionmentioning

confidence: 99%

“…PRIMA [25] extends IMA on mobile phone devices and simplifies the integrity measurements. However it still has more than 200 measurements on an Openmoko phone device [25]. Although many software components (e.g., libs and binary images) on a phone are smaller than corresponding components in PC and servers, the performance overhead is still very significant and degrades the overall user experience.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms

Zhang

Acıiçmez

Seifert

2009

Security and Privacy in Mobile Information and Communication Systems

View full text Add to dashboard Cite

Abstract. Integrity measurement and attestation mechanisms have already been developed for PC and server platforms, however, porting these technologies directly on mobile and resource-limited devices does not truly satisfy their performance constraints. Therefore, there are ongoing research efforts on mobileefficient integrity measurement and attestation mechanisms. In this paper we propose a simple and efficient solution for this problem by considering the unique features of mobile phone devices. Our customized secure boot mechanism ensures that a platform can boot to a secure state. During runtime an information flow-based integrity model is leveraged to maintain high integrity status of the system. Our solution satisfies identified security goals of integrity measurement and attestation. We have implemented our solution on a LiMo compatible mobile phone platform.

show abstract

Section: Secure Runtimementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms

Zhang

Acıiçmez

Seifert

2009

Security and Privacy in Mobile Information and Communication Systems

View full text Add to dashboard Cite

show abstract

Protecting the integrity of trusted applications in mobile phone systems

Muthukumaran¹,

Schiffman²,

Hassan³

et al. 2011

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

SummaryMobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how we can justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux policy can be reduced in size by 90% (although even more reduction should ultimately be possible), enabling practical system integrity with a desirable usability model.

show abstract

Semantically rich application‐centric security in Android

Ongtang

McLaughlin

Enck

et al. 2011

Security Comm Networks

136

View full text Add to dashboard Cite

Abstract-Smartphones are now ubiquitous. However, the security requirements of these relatively new systems and the applications they support are still being understood. As a result, the security infrastructure available in current smartphone operating systems is largely underdeveloped. In this paper, we consider the security requirements of smartphone applications and augment the existing Android operating system with a framework to meet them. We present Secure Application INTeraction (Saint), a modified infrastructure that governs install-time permission assignment and their run-time use as dictated by application provider policy. An in-depth description of the semantics of application policy is presented. The architecture and technical detail of Saint is given, and areas for extension, optimization, and improvement explored. As we show through concrete example, Saint provides necessary utility for applications to assert and control the security decisions on the platform.

show abstract

Measuring integrity on mobile phone systems

Cited by 55 publications

References 10 publications

Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms

Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms

Protecting the integrity of trusted applications in mobile phone systems

Semantically rich application‐centric security in Android

Contact Info

Product

Resources

About