Protecting the integrity of trusted applications in mobile phone systems

Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendors' application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model. Copyright © 2010 John Wiley & Sons, Ltd.
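To make the remote verification step concrete, the following is an added example (not code from the paper or the Openmoko prototype) of a simplified PRIMA-style verifier: it hash-chains a measurement list of (SELinux type, code digest) entries, checks that only known-good code ran under trusted types, and checks the measured policy's information flows for untrusted-to-trusted edges that are not covered by a declared filtering interface. The type names, digests and policy edges are constructed sample data, and the flow model is a deliberate simplification of SELinux policy analysis.

```python
import hashlib

# Simplified PRIMA-style verifier (added example; types, digests and flows are
# constructed sample data, not the paper's policy). A phone records, for each
# code load, the SELinux type it ran under and a SHA-256 of the code. The
# verifier trusts only the code of trusted types; untrusted code may load as
# long as the policy lets no information flow from it into a trusted type
# except through a declared filtering interface (the Clark-Wilson-style check).

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def aggregate(measurements) -> str:
    """Chain the list like a TPM PCR extend so order and content are both bound."""
    acc = "0" * 64
    for label, digest in measurements:
        acc = _h(bytes.fromhex(acc) + bytes.fromhex(_h(f"{label}:{digest}".encode())))
    return acc

def check_code(measurements, quoted_aggregate, trusted, known_good):
    """Trusted-type entries must be known-good and the chain must match the quote."""
    problems = []
    if aggregate(measurements) != quoted_aggregate:
        problems.append("aggregate mismatch: measurement list was altered")
    for label, digest in measurements:
        if label in trusted and digest not in known_good.get(label, set()):
            problems.append(f"unknown code loaded as trusted type {label}")
    return problems

def check_flows(flows, trusted, filters):
    """flows: (writer_type, reader_type) edges derived from the MAC policy.
    An untrusted->trusted edge is a violation unless the reader filters that source."""
    return [(s, d) for s, d in flows
            if d in trusted and s not in trusted and s not in filters.get(d, set())]

# Constructed sample phone: a dialer and the policy server are trusted, a
# downloaded game is not; the policy server declares a filter for app input.
TRUSTED = {"dialer_t", "policyd_t"}
KNOWN_GOOD = {"dialer_t": {_h(b"dialer-1.0")}, "policyd_t": {_h(b"policyd-1.0")}}
GOOD_LIST = [("policyd_t", _h(b"policyd-1.0")), ("dialer_t", _h(b"dialer-1.0")),
             ("app_t", _h(b"downloaded-game"))]      # untrusted code may still load
FLOWS = [("app_t", "policyd_t"), ("dialer_t", "modem_t")]
FILTERS = {"policyd_t": {"app_t"}}

def attest(measurements, quoted_aggregate, flows=FLOWS) -> bool:
    """Remote party's decision: accept only if both code and flow checks pass."""
    return (not check_code(measurements, quoted_aggregate, TRUSTED, KNOWN_GOOD)
            and not check_flows(flows, TRUSTED, FILTERS))

if __name__ == "__main__":
    print("phone integrity verified:", attest(GOOD_LIST, aggregate(GOOD_LIST)))
```

Adding a policy edge such as `("app_t", "dialer_t")` without a matching filter, or swapping the dialer's digest after the aggregate was quoted, makes `attest` return False, which is the condition a remote party would treat as an integrity failure.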
