A Perspective on the Evolution of Mobile Platform Security Architectures

Size: px
Start display at page:

Download "A Perspective on the Evolution of Mobile Platform Security Architectures"

Transcription

1 A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1

2 Introduction Recent interest on smartphone security Smartphones Open software platforms Third party software Internet connectivity Packet data, WiFi Personal data Location, contacts, communication log Risk of monetary loss Premium calls Feature phones Yes (Java Me) Yes Yes Yes PCs Yes Yes Yes? Is smartphone platform security different? 2

3 Outline Background and requirements for smartphone security Basics on hardware security enablers Comparison of modern mobile (software) platform security architectures Discussion: open issues, applications and summary 3

4 Background 4

5 Security requirements for mobile phones Mobile network operators 1. Subsidy locks immutable ID 2. Copy protection device authentication, app. separation 3. Regulators 1. RF type approval secure storage 2. Theft deterrence immutable ID 3. End users 1. Reliability app. separation 2. Theft deterrence immutable ID 3. Privacy app. separation 4. Different from PC world: Closed Open 5

6 Early adoption of security mechanisms Operators Regulators End users ~2002 ~2001 ~2005 ~2008 Hardware-based mechanisms Software-based mechanisms 6

7 Hardware security enablers 7

8 Hardware support for platform security Public key hash E.g., serial number Trust root Base identity Crypto Library Boot sequence (ROM) TCB for platform software Start of boot code Basic elements in immutable storage 8

9 Secure bootstrapping Code certificate Boot code hash Trust root Base identity Validate and execute Crypto Library Secure boot Boot sequence (ROM) TCB for platform software Ensure only authorized boot image can be loaded Launch platform boot code 9

10 Identity binding Identity certificate Base identity Code certificate Boot code hash Assigned identity E.g., IMEI, link-layer addresses, Trust root Base identity Secure boot Crypto Library Boot sequence (ROM) TCB for platform software Validate and accept assigned ID Securely assign different identities to the device Launch platform boot code 10

11 Trusted execution Identity certificate Base identity Assigned identity Code certificate Boot code hash Code certificate Validate and execute TrEE code hash Isolated execution Trust root Base identity TrEE Crypto Library Device key Basis for secure external storage Secure boot Boot sequence (ROM) TrEE code TCB for platform software 11 Launch platform boot code TrEE API Authorized code execution, isolated from the OS

12 Secure state Identity certificate Base identity Assigned identity Code certificate Boot code hash Code certificate TrEE code hash Securing TrEE sessions, authenticated boot Trust root Secure boot Base identity Crypto Library Boot sequence (ROM) TCB for platform software Launch platform boot code Configuration register(s) Device key TrEE code TrEE API TrEE Non-vol. memory or counter Rollback protection for persistent secure storage 12 Integrity-protected state within the TrEE

13 Device authentication Identity certificate Code certificate Base identity Assigned identity Boot code hash Code certificate TrEE code hash External trust root Device certificate Identity Public device key Trust root Secure boot Base identity Crypto Library Boot sequence (ROM) TCB for platform software Configuration register(s) Device key TrEE code Device authentication, secure provisioning, attestation TrEE Non-vol. memory or counter 13 Launch platform boot code TrEE API Prove device identity or properties to external verifier

14 Summary of hardware mechanisms Secure boot: Ensure only authorized boot image can be loaded Authenticated boot: Measure and remember loaded image Identity binding: Securely assign identities to the device Secure storage: Protect confidentiality and integrity of data Isolated execution: Run authorized code isolated from OS Device authentication: Prove device identity to external verifier Remote attestation: Prove device configuration to verifier 14

15 Hardware security architectures (mobile) TI M-Shield and ARM TrustZone Augments central processing unit Secure processor mode Isolated execution with on-chip RAM Very limited (<10kB) Secure storage Typically with write-once E-fuses Usually no counters or non-volatile memory Cost issue 15

16 Hardware security architectures (TCG) Trusted Platform Module (TPM) Standalone processor on PCs Isolated execution for pre-defined algorithms Arbitrary isolated execution with DRTM Platform Configuration Registers (PCRs) Monotonic counters Mobile Trusted Module (MTM) Mobile variant of TPM Defines interface Can be implemented using e.g. TrustZone or M-Shield 16

17 Uses of hardware security Recap from features Secure/authenticated boot Identity binding/device authentication Secure storage Remote attestation Uses of hardware security (device manufacturer) Device initialization DRM Subsidy lock How can developers make use of hardware security? 17

18 Software platform security 18

19 Open mobile platforms Java ME ~2001 For feature phones 3 billion devices! Not supported by the latest smartphones Symbian ~2004 First smartphone OS App development in C++ (Qt) Android ~2007 Linux-based OS App development in Java MeeGo ~2010 Linux-based OS App development in C (Qt) MSSF We exclude iphone, Windows Phone, Blackberry, webos 19

20 Mobile platform security model Three phases 1. Distribution 2. Installation 3. Run-time enforcement Common techniques Code signing Permission-based access control architecture 20

21 Distribution Software package Developer produces a software package Code Manifest May submit to a signer for a trusted signature Distributed to device via on-line stores (typically) Developer Software package Signed software package 21

22 Installation Installer consults local policy and trusted signature Identify application Grant requested privileges Installer may prompt user Software package Installer Signed software package Policy 22

23 Run-time enforcement Monitor checks if subject has privileges for requested access Monitor resource Resource may perform additional checks principal User may be prompted to authorize access 23

24 Platform security design choices (TOP 10) 1. Is hardware security used to secure OS bootstrapping? 2. How are applications identified at install and runtime? 3. How is a new version of an existing application verified? 4. How finely is access control defined? 5. What is the basis for granting permissions? 6. What is shown to the user? 7. When are permissions assigned to a principal? 8. How is the integrity of installed applications protected? 9. How does a resource declare the policy for accessing it, and how is it enforced? 10.How can applications protect the confidentiality and integrity of their data? 24

25 1. OS bootstrapping Is hardware security used to secure OS bootstrapping? Symbian Java ME Android MSSF Secure boot Not applicable No? Authenticated boot: Normal mode vs Developer mode 25

26 2. Application identification How are applications identified at install and runtime? Symbian Java ME Android MSSF Install and run-time: Protected range SID and VID (managed) UID (unmanaged) Install: Signing key Midlet attributes Install: Signing key Runtime: Unix UID Package name (locally unique) Install: Software source (signing key) Package name Runtime: Software source Package name Application ID 26

27 3. Application update How is a new version of an existing application verified? Symbian Java ME Android MSSF Protected SID, VID: trusted signature Signed midlets: same-origin policy Same origin policy Same or higher origin policy Rest: no controls Unsigned midlets: user prompt 27

28 4. Permission granularity How finely is access control defined? Symbian Java ME Android MSSF Fixed set of capabilities (21) Fine-grained permissions (many) Fine-grained permissions (112) Fine-grained resource-tokens Linux access control Linux access control Android and MSSF: Each application is installed under a separate Linux UID 28

29 5. Permission assignment (basis) What is the basis for granting permissions? Symbian Java ME Android MSSF 4 categories Trusted signature (also user prompts) Trusted signatures for protection domains 4 permission modes 4 protection levels Trusted signatures Local policy file User System, Restricted, Manufacturer Blanket, Session, One-shot, No Normal (automatic) Dangerous (user-granted) Signature (developer-controlled) SystemOrSignature (Google-controlled) 29

30 6. Permission assignment (user prompting) Symbian Java ME Android MSSF Capability description 21 capabilities Function group description 15 groups Permission group description 11 groups E.g.,Read user data, Use network, Access positioning, E.g., NetAccess PhoneCall Location, E.g., LOCATION, NETWORK, ACCOUNTS, What is shown to the user? 30

31 7. Permission assignment (timing) When are permissions assigned to a principal? Symbian Java ME Android MSSF Install-time assignment Run-time prompts Install-time assignment Install-time assignment Run-time privilege shedding possible Symbian and MSSF: Permissions of app loading a DLL is a subset of permissions of DLL 31

32 8. Application integrity How is the integrity of installed applications protected? Symbian Java ME Android MSSF Dedicated directory Java sandboxing Java sandboxing IMA, Smack Linux access control Offline protection with EVM and TrEE Integrity Measurement Architecture (IMA) Store hash of file (in extended attribute security.ima) and verify on launch Extended Validation Module (EVM) Store MAC of all extended attributes (in security.evm) and verify on access 32

33 9. Access control policy How does a resource declare the policy for accessing it? How is it enforced? Symbian Java ME Android MSSF Declare in code Enforced by IPC framework or code [System resources] Enforced by VM Declare in manifest Enforced by VM Declare in manifest Enforced by Smack or via libcreds 33

34 10. Application data protection How can applications protect the confidentiality and integrity of their data? Symbian Java ME Android MSSF Runtime: private directory Off-line: private secure storage Runtime: private record stores Runtime: dedicated UID file system Runtime: fine-grained data caging Off-line: private secure storage 34

35 Discussion 35

36 Recurring themes (hardware enablers) Hardware-support for platform security Cambridge CAP etc. (~1970s) Extended to Trusted Execution Environments Hardware-assisted secure storage Secure and authenticated boot TCPA and TCG (late 1990s) Academic research projects (mid 1990s) Extended (private secure storage for applications) Adapted (normal vs. developer mode in MSSF) 36

37 Recurring themes (software platforms) Permission-based platform security architectures VAX /VMS privileges for user (~1970s) Adapted for applications Code signing (mid 1990s) Borrowed for application installation 37

38 Open issues Permission granularity Coarse-grained permissions vs. principle of least privilege Fine-grained permissions vs. user/developer confusion Permission assignment Is it sensible to let end users make policy assignment decisions? Centralized vetting for appropriateness Can central authority decide what is offensive? Can there be crowd-sourced or clique-sourced alternatives? [Chia et al] Colluding applications How to detect/prevent applications from pooling their privileges? [Capkun et al] 38

39 On-board Credentials Nokia Research Center

40 On-board Credentials architecture Credential issuer Credential issuer OS Application Credentials Manager TrEE Credential program Credential program Available for experimentation! Interpreter Kostiainen, Asokan, Ekberg and Rantala. On-board Credentials with Open Provisioning. ASIACCS

41 Summary Mobile phone security Requirements, regulations, user expectations Early adaptation of hardware security mechanisms Platform security architecture Many features borrow or adapted Permission based access control and code signing Open issues Permission granularity and assignment Kostiainen, Reshetova, Ekberg and Asokan. Old, New, Borrowed, Blue: A Perspective on Evolution of Mobile Platform Security Architectures. CODASPY

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction

More information

Mobile Platform Security Architectures A perspective on their evolution

Mobile Platform Security Architectures A perspective on their evolution Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,

More information

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday

Lecture 17: Mobile Computing Platforms: Android. Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Lecture 17: Mobile Computing Platforms: Android Mythili Vutukuru CS 653 Spring 2014 March 24, Monday Mobile applications vs. traditional applications Traditional model of computing: an OS (Linux / Windows),

More information

Building Blocks Towards a Trustworthy NFV Infrastructure

Building Blocks Towards a Trustworthy NFV Infrastructure Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

M-Shield mobile security technology

M-Shield mobile security technology Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a

More information

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security

Lecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile

More information

Analysis of advanced issues in mobile security in android operating system

Analysis of advanced issues in mobile security in android operating system Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of

More information

User. Role. Privilege. Environment. Checkpoint. System

User. Role. Privilege. Environment. Checkpoint. System 8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Mobile Simplified Security Framework

Mobile Simplified Security Framework Mobile Simplified Security Framework Dmitry Kasatkin Nokia Corporation dmitry.kasatkin@nokia.com Abstract Linux kernel has already several security frameworks such SELinux, AppArmor, Tomoyo and Smack.

More information

Example of Standard API

Example of Standard API 16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface

More information

Mobile Operating Systems. Week I

Mobile Operating Systems. Week I Mobile Operating Systems Week I Overview Introduction Mobile Operating System Structure Mobile Operating System Platforms Java ME Platform Palm OS Symbian OS Linux OS Windows Mobile OS BlackBerry OS iphone

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Introducing Stephan Linzner Benjamin Reimold Consultant, Software Engineer Mobile Developer Founder of Stuttgart GTUG

More information

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 April 12th, 2006 1 Synopsis Background Trusted boot Security enhancements to boot loader Necessary code U-Boot Kernel

More information

Opal SSDs Integrated with TPMs

Opal SSDs Integrated with TPMs Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security

More information

Adobe Flash Player and Adobe AIR security

Adobe Flash Player and Adobe AIR security Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,

More information

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome

More information

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper WP2 Subject: with the CRYPTO-BOX Version: Smarx OS PPK 5.90 and higher 0-15Apr014ks(WP02_Network).odt Last Update: 28 April 2014 Target Operating Systems: Windows 8/7/Vista (32 & 64 bit), XP, Linux, OS

More information

Security challenges for internet technologies on mobile devices

Security challenges for internet technologies on mobile devices Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],

More information

SA Series SSL VPN Virtual Appliances

SA Series SSL VPN Virtual Appliances SA Series SSL VPN Virtual Appliances Data Sheet Published Date July 2015 Product Overview The world s mobile worker population passed the 1 billion mark in 2010 and will grow to more than 1.3 billion by

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

A framework for on-device privilege escalation exploit execution on Android

A framework for on-device privilege escalation exploit execution on Android 1 A framework for on-device privilege escalation exploit execution on Android IWSSI/SPMU 2011 at Pervasive 2011 12. June 2011, San Francisco, CA, US Sebastian Höbarth, Rene Mayrhofer Fachhochschule Hagenberg,

More information

CSE543 - Introduction to Computer and Network Security. Module: Reference Monitor

CSE543 - Introduction to Computer and Network Security. Module: Reference Monitor CSE543 - Introduction to Computer and Network Security Module: Reference Monitor Professor Trent Jaeger 1 Living with Vulnerabilities So, software is potentially vulnerable In a variety of ways So, how

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE.

BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.

More information

Research and Design of Universal and Open Software Development Platform for Digital Home

Research and Design of Universal and Open Software Development Platform for Digital Home Research and Design of Universal and Open Software Development Platform for Digital Home CaiFeng Cao School of Computer Wuyi University, Jiangmen 529020, China cfcao@126.com Abstract. With the development

More information

Remote Application Server Version 14. Last updated: 25-02-15

Remote Application Server Version 14. Last updated: 25-02-15 Remote Application Server Version 14 Last updated: 25-02-15 Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

2. An Operating System, What For?

2. An Operating System, What For? 2. An Operating System, What For? 2. An Operating System, What For? Operating System Tasks Survey of Operating System Principles 14 / 352 2. An Operating System, What For? Batch Processing Punched Cards

More information

Kernel Types System Calls. Operating Systems. Autumn 2013 CS4023

Kernel Types System Calls. Operating Systems. Autumn 2013 CS4023 Operating Systems Autumn 2013 Outline 1 2 Types of 2.4, SGG The OS Kernel The kernel is the central component of an OS It has complete control over everything that occurs in the system Kernel overview

More information

OMAP platform security features

OMAP platform security features SWPT008 - July 2003 White Paper OMAP platform security features By Harini Sundaresan Applications Engineer, OMAP Security Texas Instruments, Wireless Terminal Business Unit This white paper introduces

More information

Software-based TPM Emulator for Linux

Software-based TPM Emulator for Linux Software-based TPM Emulator for Linux Semester Thesis Mario Strasser Department of Computer Science Swiss Federal Institute of Technology Zurich Summer Semester 2004 Mario Strasser: Software-based TPM

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

Remote Application Server Version 14. Last updated: 06-02-15

Remote Application Server Version 14. Last updated: 06-02-15 Remote Application Server Version 14 Last updated: 06-02-15 Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

Android Operating System

Android Operating System Prajakta S.Adsule Student-M.B.A.[I.T.] BharatiVidyapeeth Deemed University,Pune(india) praju_hiramani@yahoo.co.in Mob. No. 9850685985 Android Operating System Abstract- Android operating system is one

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

The TCG Dynamic Root for Trusted Measurement

The TCG Dynamic Root for Trusted Measurement Copyright Trusted Computing Group 1 The TCG Dynamic Root for Trusted Measurement Author: Lee Wilson TCG D-RTM Subgroup Chair PureFlex Security Architect, IBM Corporation BASIC CONCEPTS Copyright 2013 Trusted

More information

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa CEN 559 Selected Topics in Computer Engineering Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa Access Control Access Control Which principals have access to which resources files they can read

More information

Software Execution Protection in the Cloud

Software Execution Protection in the Cloud Software Execution Protection in the Cloud Miguel Correia 1st European Workshop on Dependable Cloud Computing Sibiu, Romania, May 8 th 2012 Motivation clouds fail 2 1 Motivation accidental arbitrary faults

More information

Kaspersky Security 10 for Mobile Implementation Guide

Kaspersky Security 10 for Mobile Implementation Guide Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

Android Fundamentals 1

Android Fundamentals 1 Android Fundamentals 1 What is Android? Android is a lightweight OS aimed at mobile devices. It is essentially a software stack built on top of the Linux kernel. Libraries have been provided to make tasks

More information

Net 2. NetApp Electronic Library. User Guide for Net 2 Client Version 6.0a

Net 2. NetApp Electronic Library. User Guide for Net 2 Client Version 6.0a Net 2 NetApp Electronic Library User Guide for Net 2 Client Version 6.0a Table of Contents 1 INTRODUCTION AND KEY FEATURES... 3 SOME OF THE KEY FEATURES INCLUDE:... 3 INSTALLATION PREREQUISITES:... 3 2

More information

Symbian phone Security

Symbian phone Security ITSX Overview Symbian OS. Risks and Features. Taking it apart. Conclusions. Symbian History Psion owner of EPOC OS, originally from 1989, released EPOC32 in 1996 EPOC32 was designed with OO in C++ 1998:

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011

OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011 OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: 11-0144. Distribution Unlimited. c 2011. All Rights Reserved. (1/15) Motivation Goal: Demonstrate

More information

Duissit vent volorper si endre erat. mobility made simple. White Paper SPLITWARE MOBILITY PLATFORM: SECURE ENTERPRISE MOBILITY

Duissit vent volorper si endre erat. mobility made simple. White Paper SPLITWARE MOBILITY PLATFORM: SECURE ENTERPRISE MOBILITY S E Q U O I A C L U B Duissit vent volorper si endre erat mobility made simple. White Paper SPLITWARE MOBILITY PLATFORM: SECURE ENTERPRISE MOBILITY Mobile Reach +1 919 336 2500 www.mobilereach.com splitware

More information

Chapter 14 Virtual Machines

Chapter 14 Virtual Machines Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously

More information

Using ARM TrustZone Technology for Securing Embedded Devices Running Applications of Mixed Criticality Presenter: Felix Baum, Mentor

Using ARM TrustZone Technology for Securing Embedded Devices Running Applications of Mixed Criticality Presenter: Felix Baum, Mentor Using ARM TrustZone Technology for Securing Embedded Devices Running Applications of Mixed Criticality Presenter: Felix Baum, Mentor Agenda Objectives Describe the need for hardware enforced security Outline

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

CSE343/443 Lehigh University Fall Mobile Security. Presenter: Yinzhi Cao Lehigh University

CSE343/443 Lehigh University Fall Mobile Security. Presenter: Yinzhi Cao Lehigh University CSE343/443 Lehigh University Fall 2015 Mobile Security Presenter: Yinzhi Cao Lehigh University Some contents are borrowed from the following sources. http://siis.cse.psu.edu/slides/android-sec-tutorial.pdf

More information

ONBOARD CREDENTIALS: HARDWARE ASSISTED SECURE STORAGE OF CREDENTIALS

ONBOARD CREDENTIALS: HARDWARE ASSISTED SECURE STORAGE OF CREDENTIALS HELSINKI UNIVERSITY OF TECHNOLOGY Department of Computer Science and Engineering Telecommunications Software and Multimedia Laboratory ONBOARD CREDENTIALS: HARDWARE ASSISTED SECURE STORAGE OF CREDENTIALS

More information

M-Shield Mobile Security Technology: making wireless secure

M-Shield Mobile Security Technology: making wireless secure WHITE PAPER Jerome Azema Distinquished Member of Technical Staff WTBU Chief Technology Office - Security Texas Instruments Gilles Fayad Worldwide Strategic Marketing Manager, Mobile Platform Security and

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

End User Devices Security Guidance: Apple ios 8

End User Devices Security Guidance: Apple ios 8 GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy

More information

Lecture 2 PLATFORM SECURITY IN ANDROID OS

Lecture 2 PLATFORM SECURITY IN ANDROID OS Lecture 2 PLATFORM SECURITY IN ANDROID OS You will be learning: Android as a software platform Internals and surrounding ecosystem Security techniques in Android: Application signing Application isolation

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Securely Yours LLC We secure your information world. www. SecurelyYoursllc.com

Securely Yours LLC We secure your information world. www. SecurelyYoursllc.com We secure your information world www. Mobile Security Features What are the new security features in Android KitKat 4.4 and IOS 7?. IOS Feature 1 Single Sign-on Previously available for multiple apps developed

More information

Trusted Platforms for Homeland Security

Trusted Platforms for Homeland Security Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business

More information

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents

More information

Securing Critical Corporate Data in a Mobile World

Securing Critical Corporate Data in a Mobile World Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...

More information

Security Technology for Smartphones

Security Technology for Smartphones Security Technology for Smartphones Yasuhiko Abe Hitoshi Ikeda Masafumi Emura Service functions are implemented on smartphones by storing on them personal information, network-operator information, corporate

More information

Secure Elements for You and Me: A Model for Programmable Secure Hardware in Mobile Ecosystems

Secure Elements for You and Me: A Model for Programmable Secure Hardware in Mobile Ecosystems Android Security Symposium, Vienna, 9-11 September 2015 Secure Elements for You and Me: A Model for Programmable Secure Hardware in Mobile Ecosystems Marcos da Silva Ramos, Andre Rein Fraunhofer SIT, Darmstadt,

More information

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013 Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile

More information

Programming Android Smart Phones. Tom Chothia Internet Computing Workshop

Programming Android Smart Phones. Tom Chothia Internet Computing Workshop Programming Android Smart Phones Tom Chothia Internet Computing Workshop What is Android? A mobile phone operating system. Best selling smart phone OS. Runs on a range of hardware Based on Linux and Java

More information

Android Architecture For Beginners

Android Architecture For Beginners Leon Romanovsky leon@leon.nu www.leon.nu April 22, 2013 Introduction Linux-based operating system with market share - 69.70% in smartphones, 42% in tablets, available on smart TVs and mini PC. History

More information

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems Using the to Solve Today s Most Urgent Cybersecurity Problems May 20, 2014 10:00AM PDT 2 Stacy Cannady, Technical Marketing Trustworthy Computing, Cisco Stacy Cannady, CISSP, is technical marketing - Trustworthy

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Fairsail REST API: Guide for Developers

Fairsail REST API: Guide for Developers Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

Reminders. Lab opens from today. Many students want to use the extra I/O pins on

Reminders. Lab opens from today. Many students want to use the extra I/O pins on Reminders Lab opens from today Wednesday 4:00-5:30pm, Friday 1:00-2:30pm Location: MK228 Each student checks out one sensor mote for your Lab 1 The TA will be there to help your lab work Many students

More information

Security Enhanced Linux on Embedded Systems: a Hardware-accelerated Implementation

Security Enhanced Linux on Embedded Systems: a Hardware-accelerated Implementation Security Enhanced Linux on Embedded Systems: a Hardware-accelerated Implementation Leandro Fiorin, Alberto Ferrante Konstantinos Padarnitsas, Francesco Regazzoni University of Lugano Lugano, Switzerland

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

vsphere Upgrade vsphere 6.0 EN-001721-03

vsphere Upgrade vsphere 6.0 EN-001721-03 vsphere 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

Secure web transactions system

Secure web transactions system Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends

More information

Bell Mobile Device Management (MDM)

Bell Mobile Device Management (MDM) Bell MDM Business FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool to

More information

Instructions for use the VPN at the Warsaw School of Economics

Instructions for use the VPN at the Warsaw School of Economics Instructions for use the VPN at the Warsaw School of Economics Dariusz Jaruga. ver. 1.1 (19-01-2011) Introduction VPN is the abbreviation for Virtual Personal Network which allows you to connect your computer

More information

Windows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/

Windows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/ Windows Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Windows Security 0 to full speed No protection system in early versions

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Social Media & Mobile Handheld Devices: The Platforms, Operating Systems, devices& Applications. The wireless last mile & User Interface choices

Social Media & Mobile Handheld Devices: The Platforms, Operating Systems, devices& Applications. The wireless last mile & User Interface choices The wireless last mile & User Interface choices Manoj Pant CEO, Shankh Inc, Mumbai ( Social transformation via technology innovation ) manoj.pant@shankhinc.com Mob : +91 9820018300 Social Media & Mobile

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Can you trust me now? The Current State of Mobile Security

Can you trust me now? The Current State of Mobile Security Can you trust me now? The Current State of Mobile Security Black Hat USA August 2016 Atredis Partners Overview Bene Diagnoscitur, Bene Curatur That which is well diagnosed is well cured. Research Driven

More information

Rights Management Services

Rights Management Services www.css-security.com 425.216.0720 WHITE PAPER Microsoft Windows (RMS) provides authors and owners the ability to control how they use and distribute their digital content when using rights-enabled applications,

More information

Desktop Virtualization. The back-end

Desktop Virtualization. The back-end Desktop Virtualization The back-end Will desktop virtualization really fit every user? Cost? Scalability? User Experience? Beyond VDI with FlexCast Mobile users Guest workers Office workers Remote workers

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information