Taming the Robot
Date: 2011-07-21
Abstract
Smart phones contain a lot of private information, such as contact lists, email, SMS and the browsing history. Their operating systems are based on traditional desktop operating systems and have all the attack vectors known from desktop computers, but typically employ fewer means of defence. As smart phones become more and more widespread they are increasingly targeted by attackers, putting private user data at risk [1]. A compromised smart phone may cost money if the attacker is able to send premium SMS without the user's consent. The attacker may also target the carrier with denial-of-service attacks through botnets built out of smart phones.

In our research we focus on a secure smart phone architecture. Our architecture allows the reuse of existing software and enables us to integrate components that require high security.

Challenges. Smart phone operating systems such as iOS and Android are based on traditional desktop operating system kernels. As such, any flaw in the kernel can allow an adversary to take control of the phone. Due to the kernel's complexity, such flaws are common: a recent study found 88 exploitable bugs in the Android kernel [2]. Typical countermeasures known from desktop computers, such as virus scanners and firewalls, are not applicable to smart phones due to their limited performance and power envelope. Security updates are installed less frequently, which increases the time until a vulnerability is fixed. Securing the phone by disabling functionality, e.g. disabling the camera or disallowing installation of custom applications, is not an option because it would severely cut down on the features that appeal to the normal user.

Approach. Our secure system is based on a microkernel, which provides fine-grained resource access control and strict isolation between components. However, due to timing and financial constraints, creating a secure operating system and a healthy ecosystem (app store, developer community) from scratch is not feasible. Thus, we employ virtualization technology to run Android in a sandbox on top of the microkernel. This enables us to run high-security applications, such as a cryptographic key store, side by side with Android in a secure way. A compromised Android does not allow an adversary to compromise the high-security applications and, for example, steal the user's private keys. An interesting scenario features two instances of Android in parallel, in different isolated partitions. One partition runs a hardened business Android that, for example, does not allow the user to install applications. The other partition runs an unrestricted Android to be used as the user's private environment.
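The property the approach relies on, that a compromised Android partition can ask the isolated key store to use a key but can never read it, comes from the narrowness of the interface between the partitions, not from the guest being trusted. The following is an added example, not code from the authors or their system: it uses two operating-system processes and a pipe as a stand-in for microkernel partitions and their IPC channel, and HMAC-SHA256 as a placeholder for whatever signing primitive a real key store would offer. The key store process generates keys and exports only generate, sign and verify; the guest side ever holds opaque handles, so an attempted export returns nothing. All names, the handle format and the sample message are constructed for this illustration.

```python
import hashlib
import hmac
import secrets
from multiprocessing import get_context


def _keystore_main(conn):
    """Body of the isolated key-store partition (runs in its own process).

    Keys are generated here and are never written onto the channel; the only
    operations the guest can invoke are generate, sign and verify.
    """
    keys = {}
    try:
        while True:
            request = conn.recv()                       # block until the guest sends a request
            if request is None:                         # orderly shutdown from the guest side
                break
            op, handle, data = request
            if op == "generate":
                handle = secrets.token_hex(8)           # opaque handle, carries no key material
                keys[handle] = secrets.token_bytes(32)  # fresh 256-bit HMAC key (constructed)
                conn.send(handle)
            elif op == "sign" and handle in keys:
                conn.send(hmac.new(keys[handle], data, hashlib.sha256).digest())
            elif op == "verify" and handle in keys:
                message, tag = data
                expected = hmac.new(keys[handle], message, hashlib.sha256).digest()
                conn.send(hmac.compare_digest(expected, tag))
            else:
                conn.send(None)                         # unknown op, unknown handle, or export attempt
    except EOFError:
        pass                                            # guest side went away; exit quietly
    finally:
        conn.close()


class KeyStoreClient:
    """The guest-side (Android partition) view of the key store: a channel and handles only."""

    def __init__(self):
        ctx = get_context("fork")                       # fork keeps the example self-contained
        self._conn, child_conn = ctx.Pipe()
        self._proc = ctx.Process(target=_keystore_main, args=(child_conn,), daemon=True)
        self._proc.start()
        child_conn.close()                              # the guest keeps only its own end

    def _call(self, op, handle=None, data=None):
        self._conn.send((op, handle, data))
        return self._conn.recv()

    def generate(self):
        return self._call("generate")

    def sign(self, handle, message):
        return self._call("sign", handle, message)

    def verify(self, handle, message, tag):
        return self._call("verify", handle, (message, tag))

    def export(self, handle):
        # There is no export operation in the protocol. A compromised guest that
        # tries anyway gets None back; that is the property the design relies on.
        return self._call("export", handle)

    def close(self):
        self._conn.send(None)
        self._proc.join(timeout=5)
        self._conn.close()


def demo():
    """Exercise the interface the way a guest application would and return the outcomes."""
    client = KeyStoreClient()
    try:
        handle = client.generate()
        message = b"transfer 10 EUR"                    # constructed sample message
        tag = client.sign(handle, message)
        return {
            "tag_len": len(tag),
            "verifies": client.verify(handle, message, tag),
            "tampered_verifies": client.verify(handle, b"transfer 1000 EUR", tag),
            "export_result": client.export(handle),
            "bad_handle_result": client.sign("not-a-handle", message),
        }
    finally:
        client.close()


if __name__ == "__main__":
    print(demo())
```

The design point is that the guest's address space never contains key bytes, only handles, so even full control of the guest yields at most the ability to request signatures while the channel is open; a real microkernel system would additionally bind the handle to the requesting partition so one Android instance cannot use keys generated by the other.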