ABSTRACT
Modern mobile devices serve as platforms that consume services from multiple service providers. It is vital for such an open cell phone environment to secure the information flows of the stakeholders on the platform. Recent emergence of trusted computing technologies provides a root of trust in hardware, which can be used to construct a chain of trust. This chain of trust can be used to remotely verify that the platform is capable to manage information flows in a trusted manner. This work highlights how trusted computing technologies can be complemented with existing Mandatory Access Control mechanisms to verify the runtime and dynamic behaviors of a platform by using a high level, managerial policy - hence enabling a trustworthy platform with dynamic behavior management.
- IMA Sourceforge Site. http://linux-ima.sourceforge.net/.Google Scholar
- MPRA Specs. https://www.trustedcomputinggroup.org/specs/mobilephone/Revision\_5-tcg-mobile-reference-architecture-1\_0.pdf.Google Scholar
- MTM Specs. https://www.trustedcomputinggroup.org/specs/mobilephone/Revision\_6-tcg-mobile-trusted-module-1\_0.pdf.Google Scholar
- OMTP Advance Trusted TR1 Specifications. http://www.omtp.org/Publications/Display.aspx?Id= 48608b5d-ddeb-4c7e-bb90-a409d119f9a4.Google Scholar
- OMTP website. http://www.omtp.org/.Google Scholar
- OpenMoko Community Wiki. http://www.openmoko.org/.Google Scholar
- SE-LAPP, journal = Available at: http://wiki.postgresql.org/wiki/SEPostgreSQL\#LAPP.2FSELinux, year = 2009.Google Scholar
- SELinuxSecMod. http://www.nsa.gov/research/files/selinux/papers/policy2/x86.shtml.Google Scholar
- TI MShield. Available at: http://focus.ti.com/general/docs/wtbu/wtbugencontent.tsp?templateId=6123&navigationId=12316&contentId=4629.Google Scholar
- Trusted Computing Group (TCG). https://www.trustedcomputinggroup.org/.Google Scholar
- TCG Specification Architecture Overview v 1.2, page 11--12. Technical report, Trusted Computing Group, April 2004.Google Scholar
- SELinux Policy Management Infrastructure. Available at: http://oss.tresys.com/projects/policy-server, 2009.Google Scholar
- SELinux Userspace Management Tools. Available at: http://userspace.selinuxproject.org/trac/wiki/SelinuxTools, 2009.Google Scholar
- Trent Jaeger, Reiner Sailer, and Umesh Shankar. PRIMA: Policy-Reduced Integrity Measurement Architecture. In SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies, pages 19--28, New York, NY, USA, 2006. ACM Press. Google ScholarDigital Library
- P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. Proceedings of the 21st National Information Systems Security Conference, 10:303--314, 1998.Google Scholar
- D. Muthukumaran, A. Sawani, J. Schiffman, B. M. Jung, and T. Jaeger. Measuring integrity on mobile phone systems. In Proceedings of the 13th ACM symposium on Access control models and technologies, pages 155--164. ACM New York, NY, USA, 2008. Google ScholarDigital Library
- V. Rao and T. Jaeger. Dynamic mandatory access control for multiple stakeholders. In Proceedings of the 14th ACM symposium on Access control models and technologies, pages 53--62. ACM New York, NY, USA, 2009. Google ScholarDigital Library
- R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. Proceedings of the 13th USENIX Security Symposium, pages 223--238, 2004. Google ScholarDigital Library
- Onur Aciicmez Xinwen Zhang and Jean-Pierre Seifert. Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms. In The First International Conference on Security and Privacy in Mobile Information and Communication Systems. MobiSec, 2009.Google Scholar
- X. Zhang, O. Aciiçmez, and J. P. Seifert. A trusted mobile phone reference architecturevia secure kernel. In Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 7--14. ACM New York, NY, USA, 2007. Google ScholarDigital Library
Index Terms
- Realizing dynamic behavior attestation for mobile platforms
Recommendations
Using mobile phones to enhance computing platform trust
This paper presents a new method to enhance the trust of traditional computing device by using the popular mobile phone. We first propose a formal method to analyze the platform trust establishment process based on trusted computing technology, and the ...
Access Authority Based Remote Attestation for Trusted Computing Platform
ICEICE '12: Proceedings of the 2012 Second International Conference on Electric Information and Control Engineering - Volume 01how to protect the information security becomes more important in this rapid development of information, the traditional security guard system is difficult to cope with the increasingly complex malicious attacks. Trusted Computing brings new vigor and ...
Do different kinds of trust matter? An examination of the three trusting beliefs on satisfaction and purchase behavior in the buyer-seller context
The three trusting beliefs have different effects on satisfaction and purchase.Benevolence belief is a stronger predictor of satisfaction than competence belief.Competence is a stronger predictor of purchase than integrity and benevolence.Future trust ...
Comments