Download: PDF.

“Measuring Integrity in Mobile Phone Systems” by Divya Muthukumaran, Anuj Sawani, Joshua Schiffman, Brian M. Jung, and Trent Jaeger. In Proceedings of the 13^th ACM Symposium on Access Control Models and Technologies, June 2008, pp. 155-164.

Abstract

Mobile phone security is a relatively new field that is gathering momentum in the wake of rapid advancements in phone system technology. Mobile phones are now becoming sophisticated smart phones that provide services beyond basic telephony, such as supporting third-party applications. Such third-party applications may be security-critical, such as mobile banking, or may be untrusted applications, such as downloaded games. Our goal is to protect the integrity of such critical applications from potentially untrusted functionality, but we find that existing mandatory access control approaches are too complex and do not provide formal integrity guarantees. In this work, we leverage the simplicity inherent to phone system environments to develop a compact SELinux policy that can be used to justify the integrity of a phone system using the Policy Reduced Integrity Measurement Architecture (PRIMA) approach. We show that the resultant policy enables systems to be proven secure to remote parties, enables the desired functionality for installing and running trusted programs, and the resultant SELinux policy is over 90% smaller in size. We envision that this approach can provide an outline for how to build high integrity phone systems.

Download: PDF.

BibTeX entry:

@inproceedings{sacmat08,
   author = {Divya Muthukumaran and Anuj Sawani and Joshua Schiffman and
	Brian M. Jung and Trent Jaeger},
   title = {Measuring Integrity in Mobile Phone Systems},
   booktitle = {Proceedings of the {\it 13^{th}} ACM Symposium on Access
	Control Models and Technologies},
   pages = {155--164},
   month = jun,
   year = {2008}
}

(This webpage was created with bibtex2web.)

Back to Trent Jaeger's Publications.