Fig 1 - uploaded by Onur Acıçmez
Information flows are allowed between high and low integrity entities, directly or indirectly via trusted subjects.

Contexts in source publication

Context 1
... rule is applied to Type III trusted subjects as aforementioned. As Figure 1(a) shows, these two rules indicate that there is no restriction on information flow within trusted entities, and within untrusted entities, respectively. However, these also imply that information flow is only allowed from high integrity entities to low integrity entities, which are, fundamentally, BIBA-like integrity policies. ...
Context 2
... Figure 1(b) shows, this rule allows a trusted subject to behave as a communication or service channel between untrusted entities. This rule is intended particularly for Type III trusted subjects, which can read/receive inputs from low integrity entities while maintaining their integrity level, under the condition that the low integrity data or requests are kept separate from high integrity data and handed over to a low integrity entity by the trusted subject. ...
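The two rules from Figure 1(a) and the relay rule from Figure 1(b) can be expressed as a small hop-by-hop label checker. This is an added illustration, not code from the SEIP paper: the HIGH/LOW levels, the `type3` flag marking a Type III trusted subject, and the entity names are assumptions constructed for the example.

```python
"""Toy checker for the integrity flow rules sketched in Figure 1.

Assumed model (not the paper's formal definition): every entity is HIGH or
LOW integrity; a Type III trusted subject is a HIGH-integrity subject that
may relay LOW-integrity data, provided the data keeps its LOW label and is
handed over only to LOW-integrity entities.
"""
from dataclasses import dataclass
from typing import List, Tuple

HIGH, LOW = "high", "low"


@dataclass(frozen=True)
class Entity:
    name: str
    level: str           # HIGH or LOW integrity
    type3: bool = False  # Type III trusted subject (may relay LOW data)


def check_hop(src: Entity, dst: Entity, label: str) -> Tuple[bool, str]:
    """Decide one direct flow of data carrying integrity `label`."""
    if label == HIGH and src.level == LOW:
        return False, f"{src.name} is low integrity and cannot emit high-labelled data"
    if label == HIGH:
        # Figure 1(a): HIGH->HIGH and HIGH->LOW flows are allowed (Biba-like)
        return True, f"high data {src.name}->{dst.name}"
    if dst.level == LOW:
        # within untrusted entities, or the Type III hand-over to a low entity
        return True, f"low data {src.name}->{dst.name}"
    if dst.type3:
        # Figure 1(b): the relay accepts low input but the label stays LOW
        return True, f"low data accepted by Type III subject {dst.name}, kept low"
    return False, f"low data must not flow into high integrity entity {dst.name}"


def check_path(path: List[Entity], label: str) -> Tuple[bool, str]:
    """Check an indirect flow hop by hop; the label is never upgraded."""
    for src, dst in zip(path, path[1:]):
        ok, why = check_hop(src, dst, label)
        if not ok:
            return False, why
    return True, "allowed: " + " -> ".join(e.name for e in path)


if __name__ == "__main__":
    app_a, app_b = Entity("app_a", LOW), Entity("app_b", LOW)      # constructed
    sys_svc, relay = Entity("sys_service", HIGH), Entity("relay", HIGH, type3=True)
    print(check_path([app_a, relay, app_b], LOW))   # relay between untrusted: allowed
    print(check_path([app_a, relay, sys_svc], LOW)) # low data into high entity: denied
```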

Citations

... In the past years a lot of effort has gone into securing smartphones. There are academic contributions [20], [8], [35] and work performed by smartphone operating system (OS) vendors such as Apple, Google, Symbian, RIM or Microsoft. However, the efforts concentrated on the OS, to protect users from attacks and to mitigate malware such as Trojans. ...
... Mulliner et al. [20] build a label based tracking system that tracks a process' access to network interfaces to limit future access to other network resources such as the cellular modem. The SEIP [35] architecture uses D-Bus in combination with SELinux to enforce access policies for applications accessing various system resources on a smartphone. Selhorst et al. [26] describe a Trusted Mobile Desktop prototype that, similar to our approach, uses a micro kernel together with multiple virtualized Linux instances. ...
Conference Paper
Malicious injection of cellular signaling traffic from mobile phones is an emerging security issue. The respective attacks can be performed by hijacked smartphones and by malware resident on mobile phones. Until today there are no protection mechanisms in place to prevent signaling based attacks other than implementing expensive additions to the cellular core network. In this work we present a protection system that resides on the mobile phone. Our solution works by partitioning the phone software stack into the application operating system and the communication partition. The application system is a standard fully featured Android system. On the other side, communication to the cellular network is mediated by a flexible monitoring and enforcement system running on the communication partition. We implemented and evaluated our protection system on a real smartphone. Our evaluation shows that it can mitigate all currently known signaling based attacks and in addition can protect users from cellular Trojans.
... To improve on Android's security, a number of solutions were proposed by the academic research community. These range from extensive taint tracking [46], behavioral analysis [33], mocking interfaces [7], application of mandatory access control [47, 17], analysis of remote duplicates [22], label based tracking [36], to an implementation of a custom privacy mode [49]. These solutions rely on the integrity of the Android kernel. ...
... In fact we allow rooting of this partition, as it has no consequences for the corporate partition. The corporate partition can be hardened according to the business' security policies e.g. with SELinux [47]. Isolation has to be enforced not only between the two Android instances but at the user interface as well. ...
... Beresford et al. [7] mocked hardware resources to revoke application's access to particular resources at run-time. Zhang et al. [47] applied mandatory access control to Android with SELinux. Zhou et al. [49] implemented a custom privacy mode to enable fine-grained control over application's access on private information. ...
Article
Smartphones became many people's primary means of communication. Emerging applications such as Near Field Communication require new levels of security that cannot be enforced by current smartphone operating systems. Therefore vendors resort to hardware extensions that have limitations in flexibility and increase the bill of materials. In this work we present a generic operating system framework that does away with the need for such hardware extensions. We encapsulate the original smartphone operating system in a virtual machine. Our framework allows for highly secure applications to run side-by-side with the virtual machine. It is based on a state-of-the-art microkernel that ensures isolation between the virtual machine and secure applications. We evaluate our framework by sketching how it can be used to solve four problems in current smartphone security.