Berlin Institute of Technology
FG Security in Telecommunications
L4Android: A Generic Operating System Framework for Secure Smartphones
Workshop on Security and Privacy in Smartphones and Mobile Devices
Matthias Lange, S. Liebergeld, A. Lackorzynski, A. Warg, M. Peter
October 17th, 2011
mlange@sec.t-labs.tu-berlin.de
This talk is not about mobile virtualization.
Motivation
- Near field communication
- Secure text and voice communication
- BYOD policies
"The NSA Wants Its Own Smartphone" (Uberreview [1], 9/27/2011)
"AT&T toggle taps Enterproid for Android device management" (eweek [5], 10/12/2011)
Emerging threats
- Existing OS not a secure foundation
"QR code infects Android phones with Trojan malware" (Android community [4], 9/30/2011)
"Android vulnerability renders antivirus products ineffective" (The Inquirer [3], 10/4/2011)
"HTC Android Handsets spew private data to ANY app" (The Register [2], 10/3/2011)
Outline
- Framework architecture
- Results
Framework Architecture
Instead of this...
[Diagram, top to bottom]
Applications: Browser, VPN, Secure Voice, Phone, Home, Contacts, Calendar, Email
Application Framework: Notification Manager, Activity Manager, Window Manager, Resource Manager, Package Manager, Telephony Manager, Location Manager, Media Manager, Surface Manager, Crypto Manager
(User / Kernel boundary)
Linux Kernel: Display Driver, Camera Driver, Flash Driver, NFC Driver, Power Mgmt, Audio Driver, ..., Keypad Driver, Wifi Driver, Smartcard
... we want that
[Diagram, top to bottom]
Applications: Browser, VPN, Secure Voice, Phone, Home, Contacts, Calendar, Email
Application Framework: Notification Manager, Activity Manager, Window Manager, Resource Manager, Package Manager, Telephony Manager, Location Manager, Media Manager, Surface Manager, Crypto Manager
Platform support: Display Driver, Camera Driver, Flash Driver, NFC Driver, Power Mgmt, Audio Driver, ..., Keypad Driver, Wifi Driver, Smartcard
(User / Kernel boundary)
Kernel
Building blocks
- Microkernel
- Runtime environment
- Virtual machines
Architecture
[Diagram; labels in order of appearance]
VM (private): Android userlevel software stack (unmodified), Virtual Smartcard, L4Android Kernel
VM (business): Android userlevel software stack (unmodified), Virtual Smartcard, L4Android Kernel
Crypto
Smartcard Multiplexer
Platform support & device drivers: Display, Touch, Sensors, Smartcard, Storage, I2C, SPI, GPIO, Timer, Clocks
Runtime Environment: Memory Mgr, IO Mgr, Roottask
Microkernel
Loader
Layer labels: User, Kernel
Results
Results
- Framework does not require hardware modifications or extensions
- Microkernel and runtime environment running on x86 and ARM
- L4Android on x86 and ARM
  - generic HW interface for both architectures
- Prototypes running on
  - Freescale i.MX51 (ARM)
  - Aava Moorestown Smartphone (x86)
  - Samsung Galaxy S2 (ARM)
  - Odroid-A tablet (ARM)
Check l4android.org
Questions? Thank you!
[1] http://www.uberreview.com/2011/09/the-nsawants-its-own-smartphone.htm
[2] http://www.theregister.co.uk/2011/10/03/htc_android_security/
[3] http://www.theinquirer.net/inquirer/news/2114308/android-vulnerability-renders-antivirusproducts-ineffective
[4] http://androidcommunity.com/qr-code-infectsandroid-phones-with-trojan-malware-20110930/
[5] http://www.eweek.com/c/a/mobile-and-wireless/ATT-Toggle-Taps-Enterproid-for-Android-Device-Management-863216/