A trusted mobile phone reference architecturevia secure kernel

Driven by the ever increasing information security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated group - Mobile Phone Working Group (MPWG). to address the security needs of mobile platforms. Along this direction, the MPWG has recently released a Trusted Mobile Phone Reference Architecture Specification. In order to realize trusted mobile platforms, they adapt well-known concepts like TPM, isolation, integrity measurement, etc. from the trusted PC world - with slight modifications due to the characteristics and resource limitations of mobile devices - into generic mobile phone platforms. The business needs of mobile phone industry mandate 4 different stakeholders(platform owners): device manufacturer, cellular service provider, general service provider, and of course the end-user. The specification requires separate trusted and isolated operational domains, so called Trusted Engines, for each of these stakeholders. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these Trusted Engines, a general perception suggests reusing the very well established (Trusted) Virtualization concept from corresponding PC architectures. However, despite of all its merits, the current "resource devourer" Virtualization is not very well suited for mobile devices. Thus, in this paper, we propose another isolation technique, which is specifically crafted for mobile phone platforms and respects its resource limitations. We achieve this goal by realizing the TCG's Trusted Mobile Phone specification by leveraging SELinux which provides a generic domain isolation concept at the kernel level. Additional to harnessing the potential of SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important integrity measurement and verification concept into our SELinux-based Trusted Mobile Phone architecture. This is achieved by defining some SELinux policy language extensions. Thus, the present paper provides a novel, efficient and inherently secure TCG-aware Mobile Phone reference architecture

[1]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[2]  David Caplan,et al.  SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series) , 2006 .

[3]  Karl MacMillan,et al.  Lessons Learned Developing Cross- Domain Solutions on SELinux , 2006 .

[4]  Trent Jaeger,et al.  PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.

[5]  K J Biba,et al.  Integrity Considerations for Secure Computer Systems , 1977 .

[6]  Timothy Fraser,et al.  LOMAC: MAC You Can Live With , 2001, USENIX Annual Technical Conference, FREENIX Track.

[7]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[8]  Ahmad-Reza Sadeghi,et al.  Taming "Trusted Platforms" by Operating System Design , 2003, WISA.

[9]  Stefan Berger,et al.  Building a MAC-based security architecture for the Xen open-source hypervisor , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[10]  Karl MacMillan,et al.  Reference Policy for Security Enhanced Linux , 2006 .

[11]  Richard J. Feiertag,et al.  A separation model for virtual machine monitors , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[12]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[13]  Ahmad-Reza Sadeghi,et al.  Reconfigurable trusted computing in hardware , 2007, STC '07.

[14]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[15]  Ole Agesen,et al.  A comparison of software and hardware techniques for x86 virtualization , 2006, ASPLOS XII.

[16]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[17]  John M. Rushby,et al.  Proof of separability: A verification technique for a class of a security kernels , 1982, Symposium on Programming.

[18]  David A. Glanzer,et al.  Technical Overview , 2008 .

[19]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.