Providing Verifiable Integrity on Mobile Platforms
Open Access
- Author:
- Sawani, Anuj
- Graduate Program:
- Electrical Engineering
- Degree:
- Master of Science
- Document Type:
- Master Thesis
- Date of Defense:
- July 07, 2008
- Committee Members:
- Trent Ray Jaeger, Thesis Advisor/Co-Advisor
George Kesidis, Thesis Advisor/Co-Advisor - Keywords:
- openmoko
attacks
mobile phone
integrity
security
selinux - Abstract:
- Mobile phone systems are becoming as advanced and powerful as desktop computers. They now provide services beyond telephony, such as browsing the internet, personal information management or even playing games. However, third-party applications, such as mobile games, could execute malware on the phone and threaten to affect the integrity of trusted software like mobile banking clients. The goal is to prevent trusted data or code from being affected by untrusted software with minimum overhead. The phone has limited processing power and we aim to show that an optimized security framework running on the phone does not affect the performance significantly. We use the Security Enhanced Linux (SELinux) framework combined with Policy Reduced Integirty Measurement Architecture (PRIMA) to provide integrity guarantees to remote parties. Each of these components have been ported to work with an ARM-based platform. Further, the SELinux policy loaded at boot time also ensures that the trusted software is not compromised at any time. On average, we found that the phone takes approximately 0.03 seconds to perform an integrity measurement on a 150KB file. This negligible overhead does not affect performance significantly while assuring integrity of the phone. Our work shows that the approach is practical and will provide a basis for the future development of a standard security framework for mobile phone systems.