Protecting the integrity of trusted applications in mobile phone systems

Divya Muthukumaran, Joshua Schiffman, Mohamed Hassan, Anuj Sawani, Vikhyath Rao, Trent Jaeger

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.

Original languageEnglish (US)
Pages (from-to)633-650
Number of pages18
JournalSecurity and Communication Networks
Volume4
Issue number6
DOIs
StatePublished - Jun 2011

Fingerprint

Mobile phones
Access control
Servers

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications

Cite this

Muthukumaran, Divya ; Schiffman, Joshua ; Hassan, Mohamed ; Sawani, Anuj ; Rao, Vikhyath ; Jaeger, Trent. / Protecting the integrity of trusted applications in mobile phone systems. In: Security and Communication Networks. 2011 ; Vol. 4, No. 6. pp. 633-650.
@article{8c263e8011b24b6092e342990296e07a,
title = "Protecting the integrity of trusted applications in mobile phone systems",
abstract = "Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90{\%} (although more reduction should be possible), enabling practical system integrity with a desirable usability model.",
author = "Divya Muthukumaran and Joshua Schiffman and Mohamed Hassan and Anuj Sawani and Vikhyath Rao and Trent Jaeger",
year = "2011",
month = "6",
doi = "10.1002/sec.194",
language = "English (US)",
volume = "4",
pages = "633--650",
journal = "Security and Communication Networks",
issn = "1939-0122",
publisher = "John Wiley and Sons Inc.",
number = "6",

}

Muthukumaran, D, Schiffman, J, Hassan, M, Sawani, A, Rao, V & Jaeger, T 2011, 'Protecting the integrity of trusted applications in mobile phone systems', Security and Communication Networks, vol. 4, no. 6, pp. 633-650. https://doi.org/10.1002/sec.194

Protecting the integrity of trusted applications in mobile phone systems. / Muthukumaran, Divya; Schiffman, Joshua; Hassan, Mohamed; Sawani, Anuj; Rao, Vikhyath; Jaeger, Trent.

In: Security and Communication Networks, Vol. 4, No. 6, 06.2011, p. 633-650.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Protecting the integrity of trusted applications in mobile phone systems

AU - Muthukumaran, Divya

AU - Schiffman, Joshua

AU - Hassan, Mohamed

AU - Sawani, Anuj

AU - Rao, Vikhyath

AU - Jaeger, Trent

PY - 2011/6

Y1 - 2011/6

N2 - Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.

AB - Mobile phones have evolved into indispensable devices that run many exciting applications that users can download from phone vendor's application stores. However, as it is not practical to fully vet all application code, users may download malware-infected applications, which may steal or modify security-critical data. In this paper, we propose a security architecture for phone systems that protects trusted applications from such downloaded code. Our architecture uses reference monitors in the operating system and user-space services to enforce mandatory access control policies that express an approximation of Clark-Wilson integrity. In addition, we show how to justify the integrity of mobile phone applications by using the Policy Reduced Integrity Measurement Architecture (PRIMA), which enables a remote party to verify the integrity of applications running on a phone. We have implemented a prototype on the Openmoko Linux Platform, using an SELinux kernel with a PRIMA module and user-space services that leverage the SELinux user-level policy server. We find that the performance of enforcement and integrity measurement is satisfactory, and the SELinux reference policy can be reduced in size by 90% (although more reduction should be possible), enabling practical system integrity with a desirable usability model.

UR - http://www.scopus.com/inward/record.url?scp=79955780166&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79955780166&partnerID=8YFLogxK

U2 - 10.1002/sec.194

DO - 10.1002/sec.194

M3 - Article

AN - SCOPUS:79955780166

VL - 4

SP - 633

EP - 650

JO - Security and Communication Networks

JF - Security and Communication Networks

SN - 1939-0122

IS - 6

ER -