Remote Policy Enforcement for Trusted Application Execution in Mobile Environments

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8292)

Abstract

In both cloud and mobile environments, a large number of online services are accessed daily through smartphones and tablets. Since several security, safety and trust concerns may arise when using these services, providers may require a usage policy to be enforced on the devices while accessing these services. This kind of policy enforcement gives service providers assurance that remote devices are in an acceptable state when using the provided service, according to their terms and conditions.

In this paper, we propose a framework which allows service providers to have assurance about the enforcement of some functional policies directly on the device. The proposed framework inserts an enforcer into the client’s device, which is responsible for enforcing the provider’s policy to abide by the terms and conditions of the service. To assure the integrity of the enforcer and of the policy, the framework exploits Trusted Computing techniques to remotely attest the enforcer’s measurements. Preliminary experiments and a first prototype implementation for Android-based smartphones suggest that the approach is both viable and effective.

The research leading to these results has received funding from the EU Seventh Framework Programme (FP7/2007-2013) under grant n. 256980 (NESSoS), n. 257930 (Aniketos), from PRIN Security Horizons funded by MIUR with D.D. 23.10.2012 n. 719, and EIT ICT Labs activity 13077.

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Martinelli, F., Matteucci, I., Saracino, A., Sgandurra, D. (2013). Remote Policy Enforcement for Trusted Application Execution in Mobile Environments. In: Bloem, R., Lipp, P. (eds) Trusted Systems. INTRUST 2013. Lecture Notes in Computer Science, vol 8292. Springer, Cham. https://doi.org/10.1007/978-3-319-03491-1_5

  • DOI: https://doi.org/10.1007/978-3-319-03491-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03490-4

  • Online ISBN: 978-3-319-03491-1

  • eBook Packages: Computer Science, Computer Science (R0)
