In this paper we present a multi-layer mandatory access control mechanism (ACM) for mobile devices based on system virtualization technology. We discuss a detailed threat model for mobile devices in the real world in order to develop an ACM fitted to mobile devices. Then, we propose a novel multi-layer access control mechanism for mobile devices, which provides strong protection against the identified mobile threats as well as performance efficiency. Our Virtual Machine Monitor (VMM) and secure domain have independent access control modules to effectively control a mobile device's resources. The access control module at the VMM controls access requests from a domain to physical/virtual resources in order to confine resource sharing among domains for confidentiality. It also protects a mobile device against DoS attacks that drain limited system resources such as battery and memory, in order to guarantee availability. In addition, access control at the secure domain enforces fine-grained control of resources (e.g., file system access control) in the upper layer without the performance degradation that additional hypercall invocations would cause on a mobile device. Furthermore, our access control cannot be bypassed, since our ACM is placed inside the VMM, which is simple and small enough to verify its safety, and we eliminated the chance of VMM corruption by checking the integrity of the VMM, including the ACM, during bootstrap time.
Owing to the benefits of system virtualization, even CE devices have come to take advantage of the technology. However, due to the lack of a windowing system that fits virtualization-based CE devices, it is not only inefficient but also difficult for end users to utilize CE devices running multiple domains. In this paper we present an effective virtual window system for CE devices based on system virtualization. Our approach has three major advantages: (1) by modifying the X window system, it provides shared windowing services between domains without depending on a specific network protocol; (2) by providing a unified graphical user interface that integrates icons of all the applications from every domain, it frees users from remembering which applications are located in which domain and from performing tedious operations for application launching and installation; (3) it provides efficiency in terms of size (storage and memory) and performance to CE devices. We have implemented a prototype of the virtual window system on the basis of Secure Xen on ARM. Our evaluation shows that our approach is usable and efficient enough to be practically adopted for CE devices based on system virtualization.
We will demonstrate a prototype of a beyond-3G mobile terminal based on system virtualization technology, which meets both security and flexibility requirements. In the proposed architecture, two domains, a secure domain and a normal domain, run on top of a secure Virtual Machine Monitor (VMM) which includes mandatory access control and domain integrity check mechanisms. Only security-critical applications and services (e.g., banking, trading, and DRM) can run on the secure domain, and malware is prohibited from accessing the secure domain. Both flexibility and rich user experiences are provided by allowing users to install and execute application software, which might be potentially vulnerable, on the normal domain. Even in the case of a malware attack, the malware cannot cause security threats to the secure domain because of the isolation and our access control features. This demonstration will show how secure our mobile terminal is against malware attacks compared to a conventional single-OS-based mobile terminal.