Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.
All Science Journal Classification (ASJC) codes
- Information Systems
- Computer Networks and Communications