Protecting the integrity of trusted applications in mobile phone systems

Divya Muthukumaran, Joshua Schiffman, Mohamed Hassan, Anuj Sawani, Vikhyath Rao, Trent Jaeger

Research output: Contribution to journalArticlepeer-review

8 Scopus citations

Abstract

Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.

Original languageEnglish (US)
Pages (from-to)633-650
Number of pages18
JournalSecurity and Communication Networks
Volume4
Issue number6
DOIs
StatePublished - Jun 2011

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Protecting the integrity of trusted applications in mobile phone systems'. Together they form a unique fingerprint.

Cite this