Secure Mobile Business Information Processing

An ever-increasing amount of functionality is being incorporated into mobile phones, and this trend will continue as newer mobile phone platforms such as the iPhone or Android become more widely used. Along with this trend, however, new risks arise, especially for enterprises that use mobile phones for security-critical applications such as business intelligence (BI). Although platforms like Android have implemented sophisticated security mechanisms, security holes have been reported. In addition, different stakeholders, such as different enterprises, service providers, operators, or manufacturers, have access to mobile phones. To protect security-critical business applications, a trustworthy mobile phone platform is needed. Starting with typical attack scenarios, we describe a security architecture for Android mobile phones based on the concepts of Trusted Computing. In particular, this architecture allows for a dynamic policy change to reflect the current environment in which the phone is being used.
