TY - JOUR
T1 - Protecting the integrity of trusted applications in mobile phone systems
AU - Muthukumaran, Divya
AU - Schiffman, Joshua
AU - Hassan, Mohamed
AU - Sawani, Anuj
AU - Rao, Vikhyath
AU - Jaeger, Trent
PY - 2011/6
Y1 - 2011/6
N2 - Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.
AB - Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.
UR - http://www.scopus.com/inward/record.url?scp=79955780166&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79955780166&partnerID=8YFLogxK
U2 - 10.1002/sec.194
DO - 10.1002/sec.194
M3 - Article
AN - SCOPUS:79955780166
SN - 1939-0114
VL - 4
SP - 633
EP - 650
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 6
ER -