High Secure Mobile Operating System Based on a New Mobile Internet Device Hardware Architecture



Similar documents
The Behavioral Analysis of Android Malware

Big Data Analytics of Multi-Relationship Online Social Network Based on Multi-Subnet Composited Complex Network

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

Analysis of advanced issues in mobile security in android operating system

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

The Design and Implementation of the Integrated Model of the Advertisement and Remote Control System for an Elevator

DETECTION OF CONTRAVENTION IN MOBILE CLOUD SERVICES

Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006

Huawei Network Edge Security Solution

Mobile Operating Systems. Week I

Research on Situation and Key Issues of Smart Mobile Terminal Security

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN:

Are free Android virus scanners any good?

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Alaa Alhamami, Avan Sabah Hamdi Amman Arab University Amman, Jordan

Development of Integrated Management System based on Mobile and Cloud Service for Preventing Various Hazards

International Journal of Advance Research in Computer Science and Management Studies

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

A Noble Integrated Management System based on Mobile and Cloud service for preventing various hazards

A Research Using Private Cloud with IP Camera and Smartphone Video Retrieval

Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System

Tutorial on Smartphone Security

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Policy and Profile Reference Guide

CSIS CSIS 3230 Spring Networking, its all about the apps! Apps on the Edge. Application Architectures. Pure P2P Architecture

Toward Connected Vehicle with AGL

Eureka Technology. Understanding SD, SDIO and MMC Interface. by Eureka Technology Inc. May 26th, Copyright (C) All Rights Reserved

Junos Pulse for Google Android

networks Live & On-Demand Video Delivery without Interruption Wireless optimization the unsolved mystery WHITE PAPER

Index. 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acquirer Interface 4-Letters of Approval

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Dell Wyse Cloud Connect discussion card

Preliminary Investigation of Smartphone Usages in Kazakhstan

COMPUTER ENGINEERING PROGRAM DR. YAN LINDSAY SUN

CHAPTER 8: NETWORKING AND DIGITAL COMMUNICATION

How To Protect Your Network From Threats From Your Network (For A Mobile) And From Your Customers (For An Enterprise)

Chapter 3. Internet Applications and Network Programming

Mobile Operating Systems Lesson 05 Windows CE Part 1

Remote Desktop Access through Android Mobiles and Android Mobiles Access through Web Browser

Berlin Institute of Technology FG Security in Telecommunications

Traffic Analyzer Based on Data Flow Patterns

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

Longmai Mobile PKI Solution

The Future of the ARM Processor in Military Operations

HP AppPulse Mobile. Whitepaper: Privacy, Security, and Overhead. Document Release Date: September 2014 (v1.0)

Modern Accounting Information System Security (AISS) Research Based on IT Technology

U.S. Cellular Mobile Data Security. User Guide Version 00.01

Implementation of Wireless Gateway for Smart Home

HUMAN INTERACTION WITH MOBILE APPLICATIONS

BlackVue Cloud App Overview...3. Getting Started...6. Basic Menu Screens BlackVue Cloud BlackVue Wi-Fi Internal Memory...

A Transport Protocol for Multimedia Wireless Sensor Networks

Multi-level Metadata Management Scheme for Cloud Storage System

ios Developer Program Information

Security Threats on National Defense ICT based on IoT

How To Protect Your Network From Attack From A Network Security Threat

Development of a Service Robot System for a Remote Child Monitoring Platform

Protecting Corporate Data from Mobile Threats. And the emerging role for microsd-based security Art Swift CEO, CUPP Computing

A Study on the Dos Prevention System for SPT-based Sync Flooding Protection

Codeproof Mobile Security & SaaS MDM Platform

8/27/2014. What is a computer network? Introduction. Business Applications (1) Uses of Computer Networks. Business Applications (2)

COMPUTERS ARE YOUR FUTURE CHAPTER 7 NETWORKS: COMMUNICATING AND SHARING RESOURCES

Performance Measuring in Smartphones Using MOSES Algorithm

Review and Evaluation of Performance Measures in the Mobile Operating Systems

SierraVMI Sizing Guide

Design of a NAND Flash Memory File System to Improve System Boot Time

An Intelligent Parking Guidance and Information System by using image processing technique

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Protecting against Mobile Attacks

Parallel Compression and Decompression of DNA Sequence Reads in FASTQ Format

General background on mobile devices and solutions including context awareness

Quick Installation Guide

ReadyNAS OS 6.2. Reviewer s Guide

Intelligent. Data Sheet

CSE597a - Cell Phone OS Security. Cellphone Hardware. William Enck Prof. Patrick McDaniel

Emerging IT and Energy Star PC Specification Version 4.0: Opportunities and Risks. ITI/EPA Energy Star Workshop June 21, 2005 Donna Sadowy, AMD

A Collaborative Network Security Management System in Metropolitan Area Network

A Review on Network Intrusion Detection System Using Open Source Snort

PROFILEDROID: MULTI-LAYER PROFILING OF ANDROID APPLICATIONS XUETAO WEI LORENZO GOMEZ UNIVERSITY OF CALIFORNIA, RIVERSIDE PROFESSOR IULIAN NEAMTIU

Review of Mobile Applications Testing with Automated Techniques

Agenda What can we do now? And 5 years from now we will still be current!

Mobile Devices and Systems Lesson 02 Handheld Pocket Computers and Mobile System Operating Systems

Preamble: Remote Storage in Android Using SCTP

Information and Digital Technology

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Teaching Embedded So0ware Concepts Using Android

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

Mobile Commerce and Ubiquitous Computing. Chapter 6

Putting Operators at the Centre of

Some important words and phrases:

IMPLEMENTATION OF FPGA CARD IN CONTENT FILTERING SOLUTIONS FOR SECURING COMPUTER NETWORKS. Received May 2010; accepted July 2010

Comparative Study of Different Mobile Operating Systems

Thingsquare Technology

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Endpoint protection for physical and virtual desktops

Introduction Chapter 1. Uses of Computer Networks

Studying Security Weaknesses of Android System

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum

Cisco ASA 5500 Series IPS Solution

Module 1: Facilitated e-learning

Transcription:

, pp. 127-136 http://dx.doi.org/10.14257/ijfgcn.2015.8.1.14 High Secure Mobile Operating System Based on a New Mobile Internet Device Hardware Architecture Gengxin Sun and Sheng Bin International College of Qingdao University, Qingdao, China sungengxin@qdu.edu.cn Software Technical College of Qingdao University, Qingdao, China icewine@126.com Abstract Mobile Internet as a new information and communication technology is growing fast. The security challenges facing from the Mobile Internet come from the mobile devices and access networks. A new Mobile Internet device architecture is proposed in this paper. Focusing on the characteristics of the new architecture, a high secure operating system with internal network structure is designed. There are two sub-kernels in the secure operating system, an inter-kernel data transmission protocol is implemented for communicating between two subkernels, which is connection-oriented and can provide reliable peer-to-peer connectivity. In this paper, we proposed the data transmission protocol implementation procedure and analyze protocol transmission efficiency. Keywords: Mobile Internet, Operating System, Data transmission Protocol. 1. Introduction The Mobile Internet refers to access to the World Wide Web from a mobile internet device, such as a smartphone or a feature phone, connected to a mobile network or other wireless network [1]. A mobile internet device (MID) is a multimedia-capable mobile device providing wireless internet access. They are usually designed to provide communication, information, entertainment and location-based services for personal use. The function of mobile internet device is always inferior to general computer. The Mobile Internet device architecture is different from general computer. It usually uses MicroProcessor Unit (MPU), such as an ARM Cortex CPU, wireless radio and a touchscreen. Aiming to the special architecture, Mobile Operating System is needed. Mobile Operating System is an operating system that operates a smartphone, tablet, PDA, or other mobile device. Modern mobile operating systems combine the features of a personal computer operating system with other features, including a touchscreen, cellular, Bluetooth, Wi-Fi, GPS mobile navigation, camera, video camera, speech recognition, voice recorder, music player, near field communication and infrared blaster [2]. The class of mobile operating system mainly included Windows CE, IOS, Android, Ubuntu Touch OS and Windows 7. Due to the characteristics of the mobile internet device, security issues of Mobile Internet device compared to traditional general computer, there are some differences between them as following: (1) Due to the limited computing and storage capacity of Mobile Internet device, there is serious technology limitations for some security protection technique develop, for example, sophisticated encryption algorithm can not be used, large virus libraries cannot be stored. (2) Transmission method of malicious software is more diverse, whose concealment is ISSN: 2233-7857 IJFGCN Copyright c 2015 SERSC

higher. (3) Mobile Internet is wireless access to the Internet via a cellular telephone service provider, which causes more easily to eavesdropping, surveillance and aggressive behavior. Currently, malicious software (such as viruses, Trojans, etc.) has constituted a major threat to the security of Mobile Internet device, continuously enhance of memory and chip ing capabilities give malicious software more living space, open operating system and application programming interfaces greatly facilitate the development and intrusion of malicious software, at the same time, the increasing Mobile Internet users create the environment for the spread of malicious software, so how to detect and protect from malicious software is essential to ensure security and privacy protection of Mobile Internet device. A series of Mobile Internet security techniques have been used to protect the Mobile Internet device security. Bose [3] proposed a behavior detection framework to detect viruses, worms, Trojans and other malicious software on Mobile Internet device. Enck [4] proposed a lightweight application security verification method for android. Kim [5] proposed a detection method based energy monitoring, which can detect malware by finding energy exception. Cheng [6] proposed a virus detection and warning system based on collaboration between the Mobile Internet devices. Although above methods have enhanced the security of Mobile Internet device, they could not solve the fundamental security problem due to Mobile Internet device hardware architecture. 2. New Mobile Internet Device Architecture and Operating System A new high secure hardware architecture of Mobile Internet device has been proposed by Fengjing Shao [7]. There are a CPU and two physically isolated system buses in new high secure architecture, which can ensure only one bus to be connected to CPU at the same time through Bus Bridge [8]. Mobile Internet device system is divided into two subsystems according to local bus and network bus. All network devices mounted on the network bus form network subsystem which connects to Internet. All storage devices and peripheral mounted on the local bus make up local subsystem which is isolated from Internet. Hardware-level isolation can effectively ensure the security of privacy data in local subsystem. lcoal subsystem storge device audio/vidio devices other devices touchscreen shared bus CPU network subsystem other shared devices local bus bus bridge network bus network device cache other devices Internet Figure 1. The Secure Mobile Internet Device Hardware Architecture 128 Copyright c 2015 SERSC

The new secure Mobile Internet device hardware architecture is shown in Figure 1. In order to support the new hardware architecture, a high secure dual-kernel operating system with internal network structure is designed in this paper. There are two sub-kernels in the operating system, local kernel and network kernel run individually in two subsystems. The two sub-kernels communicate with each other by shared cache mounted on the shared bus. Inter- communication of operating system is similar to inter-computer of network [9]. A sub-kernel is like a local area network; in each sub-kernel there is only a gateway, which acts the role of gateway in local area network. The other es except gateway are named as. User can only communicate with user of another sub-kernel through gateway, which is the data transfer interface between the sub-kernels, of the same sub-kernel. The topological structure of dual-kernel operating system is shown in Figure 2. Gateway Gateway local kernel network kernel Figure 2. Topological Structure of Dual-kernel Operating System According to the characteristics of new Mobile Internet device hardware architecture, only one subsystem can use the CPU at any time, in other words, only one sub-kernel is active at the same time. So the two gateway can t directly communicate with each other, they must use the shared cache to transfer messages indirectly. The procedure of interkernel data transfer is shown in Figure 3. local kernel cache network kernel user user Gateway message message units units message message Gateway user Figure 3. The Procedure of Inter-kernel Data Transfer 3. Communication Mechanism of Dual-Kernel The new Mobile Internet device hardware architecture combined with the high secure mobile operating system can effectively prevent from malicious software intrusion to local subsystem, but it also prevents the data getting from Internet. Therefore, there should be a secure communication mechanism of dual-kernel, which not only can prevent from network intrusion, but also can implement communication between two kernels. An inter-kernel data Copyright c 2015 SERSC 129

transfer protocol is proposed and implemented for communicating between two sub-kernels securely. 3.1. Hardware Mechanism There is a cache mounted on the shared bus, it plays a role of bridge and can be operated by the two gateway es when transferring data between gateway es. The shared cache is divided into three parts: cache state, head area and area. The cache structure is shown in Figure 4. cache state head area area Transit cache state structure head 1 head 2 head n head 1 head 2 head n empty area n 2 1 n 2 1 low-end high-end Figure 4. Shared Cache Structure In the initialization, cache state is allocated in the low-end of shared cache, their corresponding are allocated in the high-end of shared cache, every head links its corresponding to form head area which is made up heads pointing to. A unit consists of a head and its. There into, head is used to descript unit attributes; is used to store data. There are two kinds of unit: unit and unit. All the same type of units is linked to be a doubly linked circular list. So there are network linked list and local linked list in the shared cache. Transit cache state contains a cache state structure which has three fields: network linked list head pointer, local linked list head pointer and residual count. Network and local linked list head pointer individually points to the first idle unit of the network and local doubly linked circular list, residual count indicates number of free unit in shared cache. Transit units which are divided into idle unit and unit are also linked in a doubly circular list. In the beginning, every unit is idle unit, when data transmission happens between sub-kernels, idle unit would be obtained from head of doubly circular list and become a unit, which would be inserted into tail of the list. Therefore, idle units would be in the front of the list while units would be in the end of the list. The doubly circular list of units is shown in the Figure 5. 130 Copyright c 2015 SERSC

linked list pointer Figure 5. The Doubly Circular List of Transit Units A pair of unites which have the same ID is needed to finish data transmission between sub-kernels. Network unit receives data which is sent by gateway of local sub-kernel. Similarly, Local unit receives data which is sent by gateway of network sub-kernel. When data transmission between sub-kernels finished, the two units would be released. 3.2. Data Transfer Protocol Between Dual-kernel In order to prevent from network intrusions via shared cache, a inter-subsystem data transfer protocol is designed. It is a connection-oriented protocol, which it can provide reliable peer-to-peer connectivity and ensure data transmission safely and inerrably between dual-kernel. In data transmission, data is in manner of packets stream. When data is written into or read from shared cache, data is in manner of file. The protocol format is shown in Figure 6.... FSI FBT FS FD FET ET... FSI:File Structure Information; FBT:Begin Token; FS:File Size; FD:File Data; FET:File End Token; ET Transfer End Token Figure 6. Data Transfer Protocol Format When using transfer protocol, gateway of one sub-kernel acts as sender, gateway of another sub-kernel acts as receiver at the same time. As a connection-oriented protocol, data transfer protocol between dual-kernel must set up peer-to-peer connection before beginning data transmission. For meeting the security needs of high secure mobile operating system, the data transfer protocol uses four-way handshake based on signature verification to establish connection. In data transfer connection, the data transfer which is used to send data is named sender gateway, and the which is used to receive data is called receiver gateway. Copyright c 2015 SERSC 131

Begin of creating a data transfer connection, the sender gateway obtains a private key, and then connection request message with signature through the private key is generated. Receiver gateway sends validation message with signature to sender gateway after receiving connection request message, sequence number of validation message is the sequence number of request message adds to 1. Thus, sender gateway would validate signature of validation message. Then, receiver gateway randomly generates a initial sequence number and sends connection request message with signature to sender gateway, sender gateway receives connection request message, which would also send validation message with signature to receiver gateway, sequence number of validation message is equal to the sequence number of request message adds to 1. The connection between two gateway es would be completely established if receiver gateway validates signature successfully. The above creating connection procedure of data transfer is shown in Figure 7. sender Router receiver Router open_sent connection request message(m)+signature open_wait established validation message(m+1)+signature connection request message(n)+signature open_rcvd validation message(n+1)+signature established Figure 7. The Creating Connection Procedure Connection of gateway in individual sub-kernel has been established, the dualkernel can communicate with each other, when communication completed, the connection needs to be closed, which also needs four-way handshake. For closing data transfer connection, the sender gateway sends a connection close message, whose sequence number is the next sequence number of sent message. After receiving connection close message, receiver gateway sends validation message to sender gateway, whose sequence number is that the sequence number of close message adds to 1. Then, receiver gateway sends connection close message to sender gateway, whose sequence number is also the next sequence number of sent message. Sender gateway receives connection close message, it would also send validation message to receiver gateway, whose close message sequence number is that receiver gateway adds to 1. After completion of these procedures, the connection can be closed licity. The procedure of closing connection is shown in Figure 8. 132 Copyright c 2015 SERSC

sender Router receiver Router close_sent connection close message H close_wait time_wait validation message H+1 connection close message I close_wait last_ack validation message I+1 closed Figure 3. The Closing Connection Procedure 4. Protocol Performance Evaluation According to concrete realization of data transfer protocol between dual-kernel, whose performance is analyzed in this Section. Protocol transmission efficiency E is the ratio of the requested effective data quantity and the total transfer data quantity. With increase or decrease of data transmission quantity, transmission efficiency E increases or decreases consequently. Supposing data transmission includes n files, and every file size is S bytes, thus, size of requested data D is D n S (1) Connection request message size is R 1 bytes, relevant validation message size is R 2 bytes. Data quantity of creating connection size Cmessage is defined as, Cmessage 2( R R ) (2) 1 2 Data stream prefix size is Pf, size of actual data transmission quantity through protocol Pdata is defined as, Pdata n( Pf S) (3) The total data transmission quantity Tdata is defined as, Tdata Cmessage Pdata (4) According to Equation (1) ~ Equation (4), Transfer efficiency E is defined as, Copyright c 2015 SERSC 133

D E Tdata 1 1 Pf 2 (R1 R 2) S n S (5) Because of connection request message size, relevant validation message, and value of Pf are constant, from Equation (5) we can know, transfer efficiency E would change along with data transmission quantity (file size S or number of file n ), and whose max is 1. 5. Conclusion In the Mobile Internet device hardware architecture, in order to prevent from network intrusions via shared cache, in the high secure mobile operating system, a intersubkernel data transmission protocol is implemented and used to control the inter-subkernel data transmission safety. The high secure mobile operating system can ensure security of the new Mobile Internet device architecture and be widely used other Mobile Internet device very well. References [1] N. Gupta, and S. Hilal, Role of Web Content Mining in Kids' based Mobile Search, International, Journal of Computer Applications, vol. 3, no. 62, (2013). [2] Y. Redda, Cross platform Mobile Applications Development: Mobile Apps Mobility, vol. 7, no. 51(2012). [3] A. Bose, X. Hu and K. Shin, Behavioral detection of malware on mobile handsets, Proceedings of the 6th international conference on Mobile systems, applications, and services, ACM, (2008). [4] W. Enck, M. Ongtang and P. McDaniel, On lightweight mobile phone application certification. Proceedings of the 16th ACM conference on Computer and communications security, ACM, (2009). [5] H. Kim, J. Smith and K. Shin, Detecting energy-greedy anomalies and mobile malware variants, Proceedings of the 6th international conference on Mobile systems, applications, and services, ACM, (2008). [6] J. Cheng, S. Wong and H. Yang, Smartsiren: virus detection and alert for smartphones, Proceedings of the 5th international conference on Mobile systems, applications and services, ACM, (2007). [7] W. Shuangbao, S. Fengjing and S. Ledley, Computer a framework of intrusion-free secure computer architecture, Security and Management, (2006), vol. 7, no. 22. [8] W. Tiedong, S. Fengjing, S. Rencheng and H. He, A hardware implement of bus bridge based on single CPU and dual bus architecture, Proceedings of International Symposium on Computer Science and Computational Technology, (2008); Shanghai, China. [9] S,S. Gengxin, Performance Test of An Embedded Real-Time Operating System Based on A New High- Security NetWork Computer, International Journal of Digital Content Technology and its Applications, vol. 4, no. 8, (2010). Authors Gengxin Sun received his Ph.D. degree in Computer Science from Qingdao University, China in 2013. He is currently an Associate Professor in the School of Computer Science and Engineering at Qingdao University. His main research interests include embedded system, operating system, complex networks, web information retrieval and data mining. 134 Copyright c 2015 SERSC

Sheng Bin received her Ph.D. degree in Computer Science from Shandong University of Science and Technology, China in 2009. She is currently a lecturer in the School of Software Technology at Qingdao University, China. Her main research interests include embedded system, operating system, complex networks, cloud computing and data mining. Copyright c 2015 SERSC 135

136 Copyright c 2015 SERSC

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information