A Secure Architecture for Operating System-Level Virtualization on Mobile Devices

  • Manuel HuberEmail author
  • Julian Horsch
  • Michael Velten
  • Michael Weiss
  • Sascha Wessel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9589)


In this paper, we present a novel secure architecture for OS-level virtualization on mobile devices. OS-level virtualization allows to simultaneously operate multiple userland OS instances on one physical device. Compared to previous approaches, our main objective is the confidentiality of sensitive user data stored on the device. We isolate the OS instances by restricting them to a set of minimal, controlled functionality and allow communication between components exclusively through well-defined channels. With our secure architecture, we therefore go beyond the common deployment of Linux kernel mechanisms, such as namespaces or cgroups. We develop a specially tailored, stacked LSM concept using SELinux and a custom LSM, leverage Linux capabilities and the cgroups devices subsystem. Based on the architecture, we present secure device virtualization concepts allowing to dynamically assign device functionalities to different OS instances. Furthermore, we develop a mechanism for secure switching between the instances. We realize the architecture with a fully functional and performant implementation on the Samsung Galaxy S4 and Nexus 5 mobile devices, running Android 4.4.4 and 5.1.1, respectively. With a systematic security evaluation, we demonstrate that the secure isolation of OS instances provides confidentiality even when large parts of the system are compromised.


Mobile device security Security architecture Data confidentiality Operating System security 


  1. 1.
    Almohri, H.M., Yao, D.D., Kafura, D.: DroidBarrier: know what is executing on your Android. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014, pp. 257–264. ACM (2014)Google Scholar
  2. 2.
    Andrus, J., Dall, C., Hof, A.V., Laadan, O., Nieh, J.: Cells: a virtual mobile smartphone architecture. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP 2011, pp. 173–187. ACM (2011)Google Scholar
  3. 3.
    Backes, M., Gerling, S., Hammer, C., Maffei, M., von Styp-Rekowsky, P.: AppGuard – fine-grained policy enforcement for untrusted Android applications. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM 2013 and SETOP 2013. LNCS, vol. 8247, pp. 213–231. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  4. 4.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, SOSP 2003, pp. 164–177. ACM (2003)Google Scholar
  5. 5.
    Becher, M., Freiling, F., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 96–111 (2011)Google Scholar
  6. 6.
    Brakensiek, J., Dröge, A., Botteck, M., Härtig, H., Lackorzynski, A.: Virtualization as an enabler for security in mobile devices. In: Proceedings of the 1st Workshop on Isolation and Integration in Embedded Systems, IIES 2008, pp. 17–22. ACM (2008)Google Scholar
  7. 7.
    Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011, pp. 51–62. ACM (2011)Google Scholar
  8. 8.
    Bugiel, S., Heuser, S., Sadeghi, A.R.: Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies. In: Proceedings of the 22nd USENIX Conference on Security, SEC 2013, pp. 131–146. USENIX Association (2013)Google Scholar
  9. 9.
    Chen, W., Xu, L., Li, G., Xiang, Y.: A lightweight virtualization solution for Android devices. IEEE Trans. Comput. 64, 2741–2751 (2015)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, MobiSys 2011, pp. 239–252. ACM (2011)Google Scholar
  11. 11.
    Dall, C., Nieh, J.: KVM/ARM: the design and implementation of the Linux ARM hypervisor. In: Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2014, pp. 333–348. ACM (2014)Google Scholar
  12. 12.
    Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS 1981, pp. 350–357. IEEE Computer Society (1981)Google Scholar
  13. 13.
    Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones, pp. 1–6 (2010)Google Scholar
  14. 14.
    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 235–245. ACM (2009)Google Scholar
  15. 15.
    Feizollah, A., Anuar, N.B., Salleh, R., Wahab, A.W.A.: A review on feature selection in mobile malware detection. Digit. Invest. 13, 22–37 (2015). Elsevier Science Publishers B. VGoogle Scholar
  16. 16.
    Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011, pp. 3–14. ACM (2011)Google Scholar
  17. 17.
    Hwang, J.Y., bum Suh, S., Heo, S.K., Park, C.J., Ryu, J.M., Park, S.Y., Kim, C.R.: Xen on ARM: system virtualization using Xen hypervisor for ARM-based secure mobile phones. In: 5th IEEE Consumer Communications and Networking Conference, CCNC 2008, pp. 257–261 (2008)Google Scholar
  18. 18.
    Kamp, P.H., Watson, R.N.: Jails: confining the omnipotent root. In: Proceedings of the 2nd International SANE Conference, vol. 43 (2000)Google Scholar
  19. 19.
    Laadan, O., Nieh, J.: Operating system virtualization: practice and experience. In: Proceedings of the 3rd Annual Haifa Experimental Systems Conference, SYSTOR 2010, pp. 17:1–17:12. ACM (2010)Google Scholar
  20. 20.
    Merkel, D.: Docker: lightweight Linux containers for consistent development and deployment. Linux J. 2014(239), 2 (2014)Google Scholar
  21. 21.
    Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC, pp. 340–349. IEEE Computer Society (2009)Google Scholar
  22. 22.
    Peng, S., Yu, S., Yang, A.: Smartphone malware and its propagation modeling: a survey. IEEE Commun. Surv. Tutorials 16, 925–941 (2014)CrossRefGoogle Scholar
  23. 23.
    Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., Vigna, G.: Execute this! Analyzing unsafe and malicious dynamic code loading in Android applications. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS) (2014)Google Scholar
  24. 24.
    Reshetova, E., Karhunen, J., Nyman, T., Asokan, N.: Security of OS-level virtualization technologies. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 77–93. Springer, Heidelberg (2014)Google Scholar
  25. 25.
    Rossier, D.: EmbeddedXEN: a revisited architecture of the XEN hypervisor to support ARM-based embedded virtualization. White Paper, Switzerland (2012)Google Scholar
  26. 26.
    Russello, G., Conti, M., Crispo, B., Fernandes, E.: MOSES: supporting operation modes on smartphones. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 3–12. ACM (2012)Google Scholar
  27. 27.
    Wessel, S., Huber, M., Stumpf, F., Eckert, C.: Improving mobile device security with operating system-level virtualization. Comput. Secur. (2015).
  28. 28.
    Wessel, S., Stumpf, F., Herdt, I., Eckert, C.: Improving mobile device security with operating system-level virtualization. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IFIP AICT, vol. 405, pp. 148–161. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  29. 29.
    Wu, C., Zhou, Y., Patel, K., Liang, Z., Jiang, X.: AirBag: boosting smartphone resistance to malware infection. In: Proceedings of the Network and Distributed System Security Symposium (2014)Google Scholar
  30. 30.
    Xavier, M.G., Neves, M.V., Rossi, F.D., Ferreto, T.C., Lange, T., De Rose, C.A.F.: Performance evaluation of container-based virtualization for high performance computing environments. In: Proceedings of the 2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, PDP 2013, pp. 233–240. IEEE Computer Society (2013)Google Scholar
  31. 31.
    Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 95–109. IEEE Computer Society (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Manuel Huber
    • 1
    Email author
  • Julian Horsch
    • 1
  • Michael Velten
    • 1
  • Michael Weiss
    • 1
  • Sascha Wessel
    • 1
  1. 1.Fraunhofer AISECGarching Near MunichGermany

Personalised recommendations