Article

A trusted mobile phone reference architecturevia secure kernel

Authors:

Xinwen Zhang,

Onur Acıiçmez,

Jean-Pierre SeifertAuthors Info & Claims

STC '07: Proceedings of the 2007 ACM workshop on Scalable trusted computing

Pages 7 - 14

https://doi.org/10.1145/1314354.1314359

Published: 02 November 2007 Publication History

Get Access

Abstract

Driven by the ever increasing information security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated group - Mobile Phone Working Group (MPWG). to address the security needs of mobile platforms. Along this direction, the MPWG has recently released a Trusted Mobile Phone Reference Architecture Specification. In order to realize trusted mobile platforms, they adapt well-known concepts like TPM, isolation, integrity measurement, etc. from the trusted PC world - with slight modifications due to the characteristics and resource limitations of mobile devices - into generic mobile phone platforms. The business needs of mobile phone industry mandate 4 different stakeholders(platform owners): device manufacturer, cellular service provider, general service provider, and of course the end-user. The specification requires separate trusted and isolated operational domains, so called Trusted Engines, for each of these stakeholders. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these Trusted Engines, a general perception suggests reusing the very well established (Trusted) Virtualization concept from corresponding PC architectures. However, despite of all its merits, the current "resource devourer" Virtualization is not very well suited for mobile devices. Thus, in this paper, we propose another isolation technique, which is specifically crafted for mobile phone platforms and respects its resource limitations. We achieve this goal by realizing the TCG's Trusted Mobile Phone specification by leveraging SELinux which provides a generic domain isolation concept at the kernel level. Additional to harnessing the potential of SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important integrity measurement and verification concept into our SELinux-based Trusted Mobile Phone architecture. This is achieved by defining some SELinux policy language extensions. Thus, the present paper provides a novel, efficient and inherently secure TCG-aware Mobile Phone reference architecture

References

[1]

M. Alam, M. Hafner, J.-P. Seifert, and X. Zhang. Extending SELinux Policy Model and Enforcement Architecture for Trusted Platforms Paradigms. In Annual SELinux Symposium 2007.

Abstract

References

Cited By

Index Terms

Recommendations

Trusted Computing Based Mobile DRM Authentication Scheme

Measuring integrity on mobile phone systems

An Advanced Trusted Platform for mobile phone devices

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations