Abstract
We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. We systematize existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by OEMs and network carriers. We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Android – An Open Handset Alliance Project. Issue 10809: Password is stored on disk in plain text (August 2010), http://code.google.com
Android Developers. Android API: AccountManager, developer.android.com (accessed November 2011)
Apple. iOS: Understanding data protection. Article HT4175 (October 2011)
ARM Limited. ARM builds security foundation for future wireless and consumer devices. ARM Press Release (May 2003)
ARM Limited. ARM security technology: Building a secure system using TrustZone technology. WhitePaper PRD29-GENC-009492C (April 2009)
ARM Limited. TrustZone API specification 3.0. Technical Report PRD29-USGC-000089 3.1, ARM (February 2009)
ARM Limited. AMBA 4 AXI4-Stream protocol version 1.0 specification (March 2010)
ARM Limited. Virtualization extensions architecture specification (October 2010), http://infocenter.arm.com
Azema, J., Fayad, G.: M-Shield mobile security: Making wireless secure. Texas Instruments WhitePaper (June 2008)
Becher, M., Freiling, F.C., Hoffman, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In: Proceedings of the IEEE Symposium on Security and Privacy (2011)
comex. JailbreakMe, jailbreakme.com (accessed, November 2011)
Costan, V., Sarmenta, L.F.G., van Dijk, M., Devadas, S.: The Trusted Execution Module: Commodity General-Purpose Trusted Computing. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 133–148. Springer, Heidelberg (2008)
Dietrich, K., Winter, J.: Towards customizable, application specific mobile trusted modules. In: Proceedings of the ACM Workshop on Scalable Trusted Computing (2010)
Ekberg, J.E., Asokan, N., Kostiainen, K., Rantala, A.: Scheduling execution of credentials in constrained secure environments. In: Proceedings of the ACM Workshop on Scalable Trusted Computing (2008)
Ekberg, J.-E., Kylänpää, M.: Mobile trusted module (mtm) – an introduction. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007)
Ekberg, J.-E., Kylänpää, M.: MTM implementation on the TPM emulator. Source code (February 2008), http://mtm.nrsec.com
ElcomSoft: Proactive Software. iOS forensic toolkit (November 2011)
Gligor, V.D., Chandersekaran, C.S., Chapman, R.S., Dotterer, L.J., Hecht, M.S., Jiang, W.-D., Johri, A., Luckenbaugh, G.L., Vasudevan, N.: Design and implementation of Secure Xenix. IEEE Transactions on Software Engineering 13, 208–221 (1986)
Global Platform Device Technology. TEE client API specification version 1.0. Technical Report GPD_SPE_007 (July 2010), http://globalplatform.org
Global Platform Device Technology. TEE internal API specification version 0.27. Technical Report GPD_SPE_010 (September 2011), http://globalplatform.org
Global Platform Device Technology. TEE system architecture version 0.4. Technical Report GPD_SPE_009 (October 2011), http://globalplatform.org
GottaBeMobile. Texas Instruments ARM OMAP4 becomes first mobile CPU to get Netflix certification for Android HD streaming (2011), http://gottabemobile.com
Green Hills Software. Emergence of the mobile multivisor (2011), http://ghs.com
Hecht, M.S., Carson, M.E., Chandersekaran, C.S., Chapman, R.S., Dotterrer, L.J., Gligor, V.D., Jiang, W.D., Johri, A., Luckenbaugh, G.L., Vasudevan, N.: UNIX without the superuser. In: Proceedings of USENIX Technical Conference, pp. 243–256 (1987)
Heider, J., Boll, M.: Lost iPhone? Lost passwords! Practical consideration of iOS device encryption security. Technical report, Fraunhofer SIT (February 2011)
Intel Corp. Intel atom processor, http://www.intel.com/content/www/us/en/processors/atom/atom-processor.html (accessed, March 2012)
Intel Corp. Intel atom processor z2460 (March 2012)
Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: formal verification of an OS kernel. In: Proceedings of the ACM Symposium on Operating Systems Principles, SOSP (2009)
Koistiainen, K., Reshetova, E., Ekberg, J.-E., Asokan, N.: Old, new, borrowed, blue—a perspective on the evolution of mobile platform security architectures. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, CODASPY (2011)
Kostiainen, K., Ekberg, J.E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proceedings of ASIACCS (2009)
Kursawe, K., Schellekens, D.: Flexible MicroTPMs through disembedding. In: Proceedings of ASIACCS (2009)
Lampson, B.: Usable security: How to get it. Communications of the ACM 52(11) (2009)
Lineberry, A., Strazzere, T., Wyatt, T.: Inside the Android security patch lifecycle. Presented at BlackHat (August 2011)
Mastin, M.: Square vs. intuit gopayment: Mobile credit card systems compared. PCWorld (September 2011), http://www.pcworld.com/businesscenter/article/239250/
McCammon, R.: How to build a more secure smartphone with mobile virtualization and other commercial off-the-shelf technology. Open Kernel Labs Technology White Paper (September 2010)
McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010)
Mills, E.: Researchers find avenues for fraud in square. CNET (August 2011), http://news.cnet.com/8301-27080_3-20088441-245/
Open Kernel Labs. OK Labs company datasheet (2010), http://www.ok-labs.com
Popek, G.J., Goldberg, R.P.: Formal requirements for virtualizable third generation architectures. Communications of the ACM, 17 (July 1974)
Sailer, R., Jaeger, T., Valdez, E., Cáceres, R., Perez, R., Berger, S., Griffin, J., van Doorn, L.: Building a MAC-based security architecture for the Xen opensource hypervisor. In: Proceedings of the Annual Computer Security Applications Conference (December 2005)
Schell, S.V., Narang, M., Caballero, R.: US Patent 2011/0269423 Al: Wireless Network Authentication Apparatus and Methods (November 2011)
Schwartz, M.J.: Apple iOS zero-day PDF vulnerability exposed. InformationWeek (July 2011), http://www.informationweek.com/news/231001147
Sun Microsystems, Inc. Java card specifications v3.0.1: Classic edition, Connected edition (May 2009)
TCG Mobile Phone Working Group. TCG mobile trusted module specification. Version 1.0, Revision 7.02 (April 2010)
Texas Instruments E2E Community. Setup of secure world environment using TrustZone. OMAP35X Processors Forum (August 2010), http://e2e.ti.com
US Department of Defense. Trusted computer system evaluation criteria (orange book). DoD 5200.28-STD (December 1985)
Wang, Z., Stavrou, A.: Exploiting smart-phone usb connectivity for fun and profit. In: Proceedings of the Annual Computer Security and Applications Conference, ACSAC (2010)
Winter, J.: Trusted computing building blocks for embedded linux-based ARM TrustZone platforms. In: Proceedings of the ACM Workshop on Scalable Trusted Computing (2008)
Xen.org. Xen ARM project, wiki.xen.org/wiki/XenARM . (accessed November 2011)
Yao, Y.: Security issue exposed by android accountmanager (January 2011), http://security-n-tech.blogspot.com/2011/01/security-issue-exposed-by-android.html
Zhang, X., Aciicmez, O., Seifert, J.P.: A trusted mobile phone reference architecture via secure kernel. In: Proceedings of the ACM Workshop on Scalable Trusted Computing (2007)
Zhou, Z., Gligor, V.D., Newsome, J., McCune, J.M.: Building verifiable trusted path on commodity x86 computers. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vasudevan, A., Owusu, E., Zhou, Z., Newsome, J., McCune, J.M. (2012). Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-30921-2_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30920-5
Online ISBN: 978-3-642-30921-2
eBook Packages: Computer ScienceComputer Science (R0)