A Multi-Layer Mandatory Access Control Mechanism for Mobile Devices Based on Virtualization

Lee, Sung-Min; Suh, Sang-Bum; Jeong, Bokdeuk; Mo, Sangdok

doi:10.1109/ccnc08.2007.63

Cited by 14 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To enhance the security of this virtualized environment, access control mechanism has been deployed in the VMM or hypervisor to authorize the permission of an access to the hardware resource. The main difference between this approach and ours is that we leverage the virtualization to offer secure service not to confine the compromised system to the infected domain [7,8].…”

Section: Standalone Modementioning

confidence: 98%

Building Secure Execution Environment for Mobile Platform

Kim¹,

Kim²

2011

2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering

View full text Add to dashboard Cite

With the advent of smart devices and the predominance of open platforms, security problems have been complicated and pivotal to security critical services such as mobile payment and banking, etc. While hardware technologies have been suggested to tackle this problem, we focus on the software-based approach. In this paper, we propose a secure execution environment that is designed to offer security service from a closed domain. We take advantage of virtualization to create two separate domains with different security policies. Specifically, we describe the major design principles and the important aspect of service model. We expect that our framework will motivate the research for improving the secure execution environment and expand the extent which the smart device can be utilized.

show abstract

Section: Standalone Modementioning

confidence: 98%

Building Secure Execution Environment for Mobile Platform

Kim¹,

Kim²

2011

2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering

View full text Add to dashboard Cite

show abstract

“…The SRM first decompresses the software package and verifies it. In [2,5], the Domain0 was not allowed to install unauthorized software to be kept secure. In this situation, our software installer verifies the digital signature of the downloaded software.…”

Section: B Proposed Architecturementioning

confidence: 99%

“…Currently, Xen [8,9], one of popular virtualization technologies, has been adopted for CE devices. Secure Xen on ARM [1,2,3,4,5] made a large contribution toward supporting secure computing environment for mobile devices by executing multiple domains on the basis of strong isolation of Virtual Machine Monitor (VMM) on ARM processor. However, there have been no efforts to provide an effective windowing system for CE devices running multiple domains by using VMM.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Virtual Window System for CE Devices Based on System Virtualization

Lee

Suh

et al. 2009

2009 6th IEEE Consumer Communications and Networking Conference

Self Cite

View full text Add to dashboard Cite

Owing to the benefits of system virtualization, even CE devices have come to take advantage of the technology. However, due to the lack of windowing system which fits virtualization-based CE devices, it is not only inefficient but also difficult for end users to utilize the CE devices running multiple domains. In this paper we present an effective virtual window system for CE devices based on system virtualization. Our approach has three major advantages: (1) by modifying X window system, it provides shared windowing services between domains without dependency of a specific network protocol; (2) by providing a unified graphical user interface which integrates icons of all the applications from every domain, it frees users from remembering which applications are located in which domain and from doing tedious operations for application launching and installation; (3) it provides efficiency in terms of size (storage and memory) and performance to CE devices. We have implemented a prototype of the virtual window system on the basis of Secure Xen on ARM. Our evaluation shows that our approach is usable and efficient enough to be practically adopted for CE devices based on system virtualization.

show abstract

“…Some work has been done on smartphone access control [8]. But their focus is on the security of applications installed on smartphones.…”

Section: Related Workmentioning

confidence: 99%

DiffUser: Differentiated user access control on smartphones

Yang

Bai

et al. 2009

2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems

View full text Add to dashboard Cite

Smartphones have been widely used in recent years due to their capabilities of supporting many applications from simple Short Message Service messages to complicated Location-based services. It is challenging for smartphones to enable their end users to manage all applications in all possible use cases to protect privacy or sensitive data. However, the security model for smartphone users is still a two-state model in which they can do anything or absolutely nothing, and it is no longer suitable. In this paper, we propose DiffUser, a differentiated user access control model to enhance smartphone security and user privacy. DiffUser classifies smartphone users based on certain sets of user access privileges. We implement a prototype of DiffUser on real-world T-Mobile G1 smartphones. The evaluation results show that our system is lightweight and flexible.

show abstract

A Multi-Layer Mandatory Access Control Mechanism for Mobile Devices Based on Virtualization

Cited by 14 publications

References 15 publications

Building Secure Execution Environment for Mobile Platform

Building Secure Execution Environment for Mobile Platform

A Virtual Window System for CE Devices Based on System Virtualization

DiffUser: Differentiated user access control on smartphones

Contact Info

Product

Resources

About