Remote Policy Enforcement for Trusted Application Execution in Mobile Environments

  • Fabio Martinelli
  • Ilaria Matteucci
  • Andrea Saracino
  • Daniele Sgandurra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8292)

Abstract

In both cloud and mobile environments, a large number of online services are accessed daily through smartphones and tablets. Since several security, safety and trust concerns may arise when using these services, providers may require a usage policy to be enforced on the devices while accessing these services. This kind of policy enforcement enables service providers to have assurance that remote devices are in an acceptable state when using the provided service, according to their terms and conditions.

In this paper, we propose a framework which allows service providers to have assurance about the enforcement of some functional policies directly on the device. The proposed framework inserts an enforcer into the client’s device, which is responsible for enforcing the provider’s policy to abide by the terms and conditions of the service. To assure the integrity of the enforcer and of the policy, the framework exploits Trusted Computing techniques to remotely attest the enforcer’s measurements. Preliminary experiments and a first prototype implementation for Android-based smartphones suggest that the approach is both viable and effective.

Keywords

  • Mobile Device
  • Trusted Platform Module
  • Policy Enforcement
  • Provider Policy
  • Trust Computing

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Fabio Martinelli (2)
  • Ilaria Matteucci (2)
  • Andrea Saracino (1, 2)
  • Daniele Sgandurra (2)

  1. Dipartimento di Ingegneria dell’Informazione, Università di Pisa, Pisa, Italy
  2. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy