Integrity Management on Linux for Mobile Devices

Award #: N/A
Amount Awarded: $92,717
Sponsoring Organization: Samsung
Grant Period: 2007
Primary Investigator(s): Trent Jaeger (PI)


Over the past few years, mobile phones have grown into smartphones that support diverse functionality and services and integrate different networking technologies such as IEEE 802.11, Bluetooth, CDMA and GSM. The personal nature of mobile phones results in users storing important information such as passwords, security codes and other private data on their handsets. Untrusted code and data can penetrate the system via games and applications downloaded by users. As phones begin to support advanced applications for Internet banking and personal data storage, the integrity of data on the phones becomes critical.

Our goal in this project is to preserve the integrity of phone-critical applications from untrusted code and data.

We are leveraging PRIMA, SELinux and information flow analysis on the phone system to achieve this goal. The SELinux module enables enforcement of multilevel security (MLS) and type enforcement (TE). The Policy-Reduced Integrity Measurement Architecture (PRIMA) is an extension to Linux IMA and is used to measure integrity. We are working on exporting a PRIMA-enabled kernel into a Linux-based phone system and having it work in tandem with the SELinux module. The PRIMA measurements enable a remote party to prove that all trusted subjects run acceptable code and that all information flows to trusted subjects are from other trusted subjects or via trusted interfaces. We are also working on creating an SELinux policy for a key phone application that enables PRIMA to measure the above guarantees.
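
The two guarantees described above can be checked mechanically. The following is an added example, not code from the project: it assumes a policy reduced to (subject, object, permission) tuples and a measurement list mapping subjects to SHA-256 digests, and all type names, digests and the trusted-interface set are constructed for illustration.

```python
import hashlib
from collections import deque

def untrusted_flows(rules, subjects, trusted, interfaces):
    """Return flow edges that carry untrusted data into a trusted subject."""
    # A write flows subject -> object; a read flows object -> subject.
    edges = {(s, o) if p == "write" else (o, s) for s, o, p in rules}
    edges -= set(interfaces)                 # flows via trusted interfaces are allowed
    tainted = set(subjects) - set(trusted)   # every untrusted subject is a source
    queue, bad = deque(tainted), set()
    while queue:
        node = queue.popleft()
        for src, dst in edges:
            if src != node:
                continue
            if dst in trusted:
                bad.add((src, dst))          # violation; do not propagate past it
            elif dst not in tainted:
                tainted.add(dst)
                queue.append(dst)
    return sorted(bad)

def unacceptable_code(measurements, acceptable, trusted):
    """Return trusted subjects whose measured digest is not on the allowlist."""
    return sorted(s for s, digest in measurements.items()
                  if s in trusted and digest not in acceptable)

# Constructed sample data (hypothetical type names, not a real phone policy).
SUBJECTS = {"dialer_t", "keystore_t", "game_t"}
TRUSTED = {"dialer_t", "keystore_t"}
RULES = [
    ("game_t", "download_file_t", "write"),
    ("dialer_t", "download_file_t", "read"),   # untrusted data reaches dialer_t
    ("game_t", "ipc_sock_t", "write"),
    ("keystore_t", "ipc_sock_t", "read"),      # declared a trusted interface below
    ("keystore_t", "key_file_t", "write"),
    ("dialer_t", "key_file_t", "read"),        # trusted-to-trusted flow
]
TRUSTED_IFACES = {("ipc_sock_t", "keystore_t")}
GOOD = hashlib.sha256(b"constructed dialer image").hexdigest()
MEASURED = {"dialer_t": GOOD,
            "keystore_t": hashlib.sha256(b"modified keystore").hexdigest(),
            "game_t": hashlib.sha256(b"any game").hexdigest()}

if __name__ == "__main__":
    print(untrusted_flows(RULES, SUBJECTS, TRUSTED, TRUSTED_IFACES))
    print(unacceptable_code(MEASURED, {GOOD}, TRUSTED))
```

Code run by untrusted subjects such as `game_t` never needs to be on the allowlist, because the flow check already shows it cannot influence a trusted subject except through a trusted interface.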

