SEIP: simple and efficient integrity protection for open mobile platforms

Authors:
Xinwen Zhang;Jean-Pierre Seifert;Onur Acıiçmez
Affiliations:
Samsung Information Systems America, San Jose, CA;Deutsche Telekom Laboratories and Technical University of Berlin;Samsung Information Systems America, San Jose, CA
Venue:
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Year:
2010

Citing 13
Cited 3

The SeaView Security Model

IEEE Transactions on Software Engineering
LOMAC: MAC You Can Live With

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Symbian OS Platform Security

Symbian OS Platform Security
PRIMA: policy-reduced integrity measurement architecture

Proceedings of the eleventh ACM symposium on Access control models and technologies
Proactive security for mobile messaging networks

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
SmartSiren: virus detection and alert for smartphones

Proceedings of the 5th international conference on Mobile systems, applications and services
Usable Mandatory Integrity Protection for Operating Systems

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Measuring integrity on mobile phone systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting energy-greedy anomalies and mobile malware variants

Proceedings of the 6th international conference on Mobile systems, applications, and services
Intelligent virus detection on mobile devices

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Understanding Android Security

IEEE Security and Privacy
Using labeling to prevent cross-service attacks against smart phones

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment

L4Android: a generic operating system framework for secure smartphones

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Practical and lightweight domain isolation on Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies

SEC'13 Proceedings of the 22nd USENIX conference on Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

SEIP is a simple and efficient but yet effective solution for the integrity protection of real-world cellular phone platforms, which is motivated by the disadvantages of applying traditional integrity models on these performance and user experience constrained devices. The major security objective of SEIP is to protect trusted services and resources (e.g., those belonging to cellular service providers and device manufacturers) from third party code. We propose a set of simple integrity protection rules based upon open mobile operating system environments and respective application behaviors. Our design leverages the unique features of mobile devices, such as service convergence and limited permissions of user installed applications, and easily identifies the borderline between trusted and untrusted domains on mobile platform. Our approach thus significantly simplifies policy specifications while still achieves a high assurance of platform integrity. SEIP is deployed within a commercially available Linux-based smartphone and demonstrates that it can effectively prevent certain malware. The security policy of our implementation is less than 20kB, and a performance study shows that it is lightweight.