Measuring integrity on mobile phone systems

Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

49 Scopus citations

Abstract

Mobile phone security is a relatively new field that is gathering momentum in the wake of rapid advancements in phone system technology. Mobile phones are now becoming sophisticated smart phones that provide services beyond basic telephony, such as supporting third-party applications. Such third-party applications may be security-critical, such as mobile banking, or may be untrusted applications, such as downloaded games. Our goal is to protect the integrity of such critical applications from potentially untrusted functionality, but we find that existing mandatory access control approaches are too complex and do not provide formal integrity guarantees. In this work, we leverage the simplicity inherent to phone system environments to develop a compact SELinux policy that can be used to justify the integrity of a phone system using the Policy Reduced Integrity Measurement Architecture (PRIMA) approach. We show that the resultant policy enables systems to be proven secure to remote parties, enables the desired functionality for installing and running trusted programs, and the resultant SELinux policy is over 90% smaller in size. We envision that this approach can provide an outline for how to build high integrity phone systems.

Original language: English (US)
Title of host publication: SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages: 155-164
Number of pages: 10
State: Published - Dec 15 2008
Event: 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: Jun 11 2008 → Jun 13 2008

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
Country: United States
City: Estes Park, CO
Period: 6/11/08 → 6/13/08

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
