
Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7344)

Abstract

We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. We systematize existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by OEMs and network carriers. We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results.


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Vasudevan, A., Owusu, E., Zhou, Z., Newsome, J., McCune, J.M. (2012). Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_10

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer Science, Computer Science (R0)
