Mobile Execution Environment Research Articles

IFlask: Isolate flask security system from dangerous execution environment by using ARM TrustZone

Security is essential in mobile computing. And, therefore, various access control modules have been introduced. However, the complicated mobile runtime environment may directly impact on the integrity of these security modules, or even compels them to make wrong access control decisions. Therefore, for a trusted Flask based security system, it needs to be isolated from the dangerous mobile execution environment at runtime. In this paper, we propose an isolated Flask security architecture called iFlask to solve this problem for the Flask-based mandatory access control (MAC) system. iFlask puts its security server subsystem into the enclave provided by the ARM TrustZone so as to avert the negative impacts of the malicious environment. In the meanwhile, iFlask’s object manager subsystems which run in the mobile system kernel use a built-in supplicant proxy to effectively lookup policy decisions made by the back-end security server residing in the enclave, and to enforce these rules on the system with trustworthy behaviors. Moreover, to protect iFlask’s components which are not protected by the enclave, we not only provide an exception trap mechanism that enables TrustZone to enlarge its protection scope to protect selected memory regions from the malicious system, but also establish a secure communication channel to the enclave as well. The prototype is implemented on SELinux, which is the widely used Flask-based MAC system, and the base of SEAndroid. The experimental results show that SELinux receives reliable protection, because it resists all known vulnerabilities (e.g., CVE-2015-1815) and remains unaffected by the attacks in the test set. The propose architecture have very slight impact on the performance, it shows a performance degradation ranges between 0.53% to 6.49% compared to the naked system.

A secure portable execution environment to support teleworking

Purpose – This paper presents the design, development and trialling of the mobile execution environment (MEE), a secure portable execution environment designed to support secure teleworking. Teleworking is an established work practice, yet often the information security controls in the teleworking location are weaker than those in a corporate office. Security concerns also prevent organisations allowing personnel to telework. Design/methodology/approach – The design science research methodology was applied to develop the MEE, and this paper is structured using the process elements of the methodology. Findings – In this paper, the problem addressed and the design objectives are defined. The design and implementation is discussed, and the testing and trialling approach adopted to demonstrate the MEE is summarised. An evaluation of the demonstration results against the design objectives is presented. Research limitations/implications – The MEE is part of an ongoing research project using open source software; the structure and functionality of the software can limit or influence the direction of the research. Practical implications – The MEE provides a secure portable execution environment suitable for transaction-oriented work performed remotely; e.g. teleworkers performing customer support work. Social implications – The paper contributes to encouraging the implementation of teleworking. Originality/value – The MEE builds on the concept of a portable executable operating system that uploads onto a PC through an external port. The MEE extends this concept by providing a hardened secure computing environment that is uploaded from a secure storage device or a standard thumb drive (USB flash drive).

Mobile execution environment for non-intermediated content distribution

Despite the availability of various mobile features and the ability to stay always connected, there are very few applications that truly take advantage of the mobile platform. Frequently, mobile applications are just reduced versions of or thin interfaces to existing personal computer (PC)-based applications, and therefore do not support specific mobile features. Moreover, Web-based applications are seldom rendered appropriately on mobile devices. Finally, mobile applications are designed for the exclusive use of the mobile owner, interacting with the network using a client/server approach. This paper presents the concept of distributed mobile applications, focusing on the use of mobile capabilities that allow users to generate content and to access that content using a mobile-to-mobile interaction approach. It provides a blueprint for a new multi provider/multi consumer decentralized platform which will provide users with access to content that may have been previously unavailable via dedicated applications.

OdinTelehealth: A Mobile Service Platform for Telehealth

In this paper we present our experience with developing telehealth applications using smartphones in conjunction with a mobile service provisioning middleware platform named Odin. Common requirements for mobile telehealth applications include the need to support multiple stakeholders, high levels of connectivity between users, real-time interaction, bidirectional communication channels for exchanging diverse data types, computationally intensive processing and security. Meeting these needs is a non-trivial task in mobile execution environments given the limitations of mobile devices and wireless and mobile networks. Odin enables a separation of concerns between application functionality and resource management governing mobile devices and wireless networking. Using Odin, application developers can rapidly develop telehealth applications without needing to address underlying complexity. We describe development of an Odin-based monitoring application that meets many of the aforementioned requirements associated with mobile telehealth. Based on evaluation, results for smartphone power consumption, network bandwidth usage, and communication latency suggest that Odin is an appropriate platform for general telehealth applications.

Designing an XML-based context-aware transformation framework for mobile execution environments using CC/PP and XSLT

Mobile and embedded devices provide the function of surfing the Internet anytime and anywhere. There are several kinds of mobile execution environments (MExE) built on these appliances, such as WAP, J2ME, PJava, and Microsoft CLI. It is difficult for programmers to write a program only once and then execute it on these mobile devices. The primary reason is there are a variety of devices with different runtime environments and diverse hardware/software capabilities. Therefore, in order to accomplish the following: (1) applications can be designed regardless of what kind of the target mobile device belongs to; (2) the program of an application can be automatically adapted to the target MExE environments. We propose an XML-based Context- Aware transformation Framework (X-CAF). In this framework, we design an XML-based programming model to divide programmers into two roles, user interface (UI) designer and logic programmer, so as to efficiently develop an application in separation-of-concern way. Besides, we exploit the XSLT/XPath transformation mechanism to transform documents of XML User-interface Language (XUL) and LoGic Markup Language (LGML) into others of the target MExE languages by means of the context information, device capabilities and user preferences. Moreover, to generate codes of the applications flexibly and efficiently, we divide the code processing of an application into that of the user interface occurring at runtime and that of the event-handling logic occurring at static time. In brief, our paper contributes an XML-based application development environment and transformation framework to the access to device independence.