ABSTRACT
Driven by the ever-increasing information security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated group, the Mobile Phone Working Group (MPWG), to address the security needs of mobile platforms. Along this direction, the MPWG has recently released a Trusted Mobile Phone Reference Architecture Specification. In order to realize trusted mobile platforms, they adapt well-known concepts like TPM, isolation, integrity measurement, etc. from the trusted PC world, with slight modifications due to the characteristics and resource limitations of mobile devices, into generic mobile phone platforms. The business needs of the mobile phone industry mandate four different stakeholders (platform owners): the device manufacturer, the cellular service provider, the general service provider, and of course the end-user. The specification requires separate trusted and isolated operational domains, so-called Trusted Engines, for each of these stakeholders. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these Trusted Engines, a general perception suggests reusing the very well established (Trusted) Virtualization concept from corresponding PC architectures. However, despite all its merits, current "resource devourer" Virtualization is not very well suited for mobile devices. Thus, in this paper, we propose another isolation technique, which is specifically crafted for mobile phone platforms and respects their resource limitations. We achieve this goal by realizing the TCG's Trusted Mobile Phone specification by leveraging SELinux, which provides a generic domain isolation concept at the kernel level. In addition to harnessing the potential of SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important integrity measurement and verification concept into our SELinux-based Trusted Mobile Phone architecture. This is achieved by defining some SELinux policy language extensions. Thus, the present paper provides a novel, efficient and inherently secure TCG-aware Mobile Phone reference architecture.
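As an added illustration (not the paper's own policy), the following fragment shows how the four stakeholder Trusted Engines described above can be expressed as mutually isolated SELinux domains using standard Reference Policy type enforcement. The type names, the attribute names and the use of Reference Policy interfaces (`init_daemon_domain`, `files_type`, the `manage_*_pattern` macros) are assumptions for this example; the paper's own policy-language extensions for integrity measurement are not reproduced here.

```selinux
# Added example, not the paper's policy: four Trusted Engine domains modelled
# with standard SELinux type enforcement. All type and attribute names are
# assumptions chosen for this illustration.
policy_module(trusted_engines, 1.0)

# Attributes group the engine domains and their private data so that
# isolation can be asserted with neverallow rules below.
attribute trusted_engine;
attribute trusted_engine_data;

# One process domain, one entrypoint type and one private data type per
# stakeholder. init_daemon_domain() declares the domain, marks the entrypoint
# and lets init transition into the engine; files_type() labels its data.
type te_manufacturer_t, trusted_engine;
type te_manufacturer_exec_t;
type te_manufacturer_data_t, trusted_engine_data;
init_daemon_domain(te_manufacturer_t, te_manufacturer_exec_t)
files_type(te_manufacturer_data_t)

type te_cellular_t, trusted_engine;
type te_cellular_exec_t;
type te_cellular_data_t, trusted_engine_data;
init_daemon_domain(te_cellular_t, te_cellular_exec_t)
files_type(te_cellular_data_t)

type te_service_t, trusted_engine;
type te_service_exec_t;
type te_service_data_t, trusted_engine_data;
init_daemon_domain(te_service_t, te_service_exec_t)
files_type(te_service_data_t)

type te_user_t, trusted_engine;
type te_user_exec_t;
type te_user_data_t, trusted_engine_data;
init_daemon_domain(te_user_t, te_user_exec_t)
files_type(te_user_data_t)

# Each engine may manage only its own data (least privilege per stakeholder).
manage_dirs_pattern(te_manufacturer_t, te_manufacturer_data_t, te_manufacturer_data_t)
manage_files_pattern(te_manufacturer_t, te_manufacturer_data_t, te_manufacturer_data_t)
manage_dirs_pattern(te_cellular_t, te_cellular_data_t, te_cellular_data_t)
manage_files_pattern(te_cellular_t, te_cellular_data_t, te_cellular_data_t)
manage_dirs_pattern(te_service_t, te_service_data_t, te_service_data_t)
manage_files_pattern(te_service_t, te_service_data_t, te_service_data_t)
manage_dirs_pattern(te_user_t, te_user_data_t, te_user_data_t)
manage_files_pattern(te_user_t, te_user_data_t, te_user_data_t)

# Isolation assertions. The policy compiler rejects the whole policy if any
# allow rule (including one added later) lets an engine reach another
# engine's data or control another engine's processes.
neverallow te_manufacturer_t { trusted_engine_data -te_manufacturer_data_t }:{ dir file lnk_file } *;
neverallow te_cellular_t     { trusted_engine_data -te_cellular_data_t     }:{ dir file lnk_file } *;
neverallow te_service_t      { trusted_engine_data -te_service_data_t      }:{ dir file lnk_file } *;
neverallow te_user_t         { trusted_engine_data -te_user_data_t         }:{ dir file lnk_file } *;

neverallow te_manufacturer_t { trusted_engine -te_manufacturer_t }:process { ptrace signal sigkill sigstop transition };
neverallow te_cellular_t     { trusted_engine -te_cellular_t     }:process { ptrace signal sigkill sigstop transition };
neverallow te_service_t      { trusted_engine -te_service_t      }:process { ptrace signal sigkill sigstop transition };
neverallow te_user_t         { trusted_engine -te_user_t         }:process { ptrace signal sigkill sigstop transition };
```

The `neverallow` block is the part worth copying: it turns the isolation requirement into a build-time check rather than a convention, so a later module that grants one engine access to another engine's data fails at `checkpolicy`/`semodule` time instead of silently weakening the separation. Building the module with the Reference Policy development Makefile (`make -f /usr/share/selinux/devel/Makefile trusted_engines.pp`) is enough to exercise these assertions.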
Index Terms
- A trusted mobile phone reference architecture via secure kernel