Securing Smartphones: A mu TCB Approach

As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trust...

Full description

Saved in:
Bibliographic Details
Published in:IEEE pervasive computing 2014-10, Vol.13 (4), p.72-79
Main Authors: Gilad, Yossi, Herzberg, Amir, Trachtenberg, Ari
Format: Article
Language:English
Subjects:
Computation
Computer programs
Design engineering
Devices
Malware
Running
Smartphones
Software
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted mu TCB. The mu TCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes mu TCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of mu TCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.
ISSN:1536-1268
DOI:10.1109/MPRV.2014.72