Abstract
Due to the increasing security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated Mobile Phone Working Group (MPWG) to address these security needs. MPWG recently released a Trusted Mobile Phone Reference Architecture (TCG-MPRA) specification that integrates well-known security concepts (TPM, isolation, Integrity Measurement and Verification (IMV), etc.) from the trusted" PC universe, tailored for mobile phones. The business needs of the mobile phone industry mandate 4 different stakeholders (platform owners): device "manufacturer, cellular service provider, general service provider, and the end-user. The specification requires separate trusted and isolated operational domains (Trusted Engines) for each stakeholder. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these trusted engines, a general consensus is use of established (Trusted) Virtualization concepts from corresponding PC architectures. However, we will demo another isolation technique specifically crafted for mobile platforms that respects their resource limitations. We achieve this goal by realizing the MPWG specification by leveraging SELinux which provides a generic domain isolation concept at the kernel level. In addition to utilizing SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important IMV concept into our SELinux-based Trusted Mobile Phone architecture. In our demo we will present a hardware prototvpe, representing a generic mobile phone, implementing the TCG MPWG specification. First, we will "Securely Boot" our TC-aware SELinux kernel out of a hardware Mobile Trusted Module (MTM). Next, we will show how easy and efficient we can realize the 4 isolated Trusted Engines. The value of the Trusted Engines and the fundamental IMV principle will be demonstrated through successful mitigation of two automatic Linux cell-phone worms. The prototype in this demo is in effect, the world's first novel, efficient and inherently secure implementation of MPWG specification.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
