The Journal of Supercomputing, Volume 72, Issue 7, pp 2682–2702

SecureDom: secure mobile-sensitive information protection with domain separation

Article

Abstract

Virtualization techniques have recently been receiving more attention in mobile device security. In this study, we present SecureDom, a data-centric device security approach that aims to protect private, enterprise or sensitive data from various attacks and threats. To achieve this, we provide a mobile device security platform based on domain separation and suggest three essential secure functions that should be offered for the secure domain (SD): an authentication/access control (AAC) module, a secure storage (STR) module and an encryption/key management (EKM) module. Among these secure functions, the AAC module applies two-factor authentication by user and app to access the SD, the STR module introduces the enhanced abilities of a secure filesystem, and the EKM module is in charge of the security algorithms for data encryption, integrity validation or key generation. Here, the EKM module can utilize an existing encryption module that is certified by a cryptographic validation program. The experiment demonstrates that some notable overheads are incurred in the performance of the virtualization engine and in hypervisor-based inter-domain communication (IDC), while the platform provides strong isolation of domain, IDC, filesystem and resource, and separation of processes.

Keywords

Secure mobile platform; Mobile virtualization; Domain separation; Secure storage

Notes

Acknowledgments

This work was supported by the ICT R&D program of MSIP/IITP [R0101-15-0195(10043959), Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices].


Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Cyber Security Research Department, Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea
  2. Department of Information Security, Seowon University, Cheongju, Republic of Korea
