Securing Smartphones: A Micro-TCB Approach
Abstract
As mobile phones have evolved into `smartphones', with complex operating systems running third- party software, they have become increasingly vulnerable to malicious applications (malware). We introduce a new design for mitigating malware attacks against smartphone users, based on a small trusted computing base module, denoted uTCB. The uTCB manages sensitive data and sensors, and provides core services to applications, independently of the operating system. The user invokes uTCB using a simple secure attention key, which is pressed in order to validate physical possession of the device and authorize a sensitive action; this protects private information even if the device is infected with malware. We present a proof-of-concept implementation of uTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones, and evaluate our implementation using simulations.
Cite
@article{arxiv.1401.7444,
title = {Securing Smartphones: A Micro-TCB Approach},
author = {Yossi Gilad and Amir Herzberg and Ari Trachtenberg},
journal= {arXiv preprint arXiv:1401.7444},
year = {2014}
}