Software errors and complexity: an empirical investigation0
Communications of the ACM
A bibliography of windowing systems and security
ACM SIGSAC Review
Communications of the ACM
A Nitpicker's guide to a minimal-complexity secure GUI
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Design of the EROS trusted window system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Towards trustworthy computing systems: taking microkernels to the next level
ACM SIGOPS Operating Systems Review
An efficient implementation of trusted channels based on openssl
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Implementation Aspects of Mobile and Embedded Trusted Computing
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Trust in a small package: minimized MRTM software implementation for mobile secure environments
Proceedings of the 2009 ACM workshop on Scalable trusted computing
A Pattern for Secure Graphical User Interface Systems
DEXA '09 Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application
µTSS: a simplified trusted software stack
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Extending IPsec for efficient remote attestation
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Towards user-friendly credential transfer on open credential platforms
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Secure enrollment and practical migration for mobile trusted execution environments
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Today's mobile phone platforms are powerful enough to be used as personal assistants that render and edit even complex document formats. However, short development cycles in combination with high complexity and extendability make these devices not secure enough for security-critical tasks. Therefore, end-users either have to use another secure device, or to accept the risk of losing sensitive information in the case of a loss of the device or a successful attack against it. We propose a security architecture to operate on security-critical documents using a commercial off-the-shelf (COTS) mobile phone hardware platform offering two working environments. The first one is under full control of the user while the second is isolated and restricted by additional security and mobile trusted computing services. The realizability of such an architecture has been proven based on a 'TrustedSMS' prototype developed on top of an OMAP-35xx development board, a hardware platform similar to many actual mobile phone platforms. The prototype includes nearly all components required to securely isolate the two compartments and implements use cases such as SMS writing, signing, receiving, verification, and key management.