Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
A Software-Based Trusted Platform Module Emulator
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
Defending against sensor-sniffing attacks on mobile phones
Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
A flexible software development and emulation framework for ARM trustzone
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Hi-index | 0.00 |
We propose a new attestation approach for the Android platform that integrates Trusted Computing concepts and Android's permission-based access control features. Recent research in the field of mobile security has shown that malware is a real threat. Trusted Computing in general and especially the concept of remote attestation can be leveraged to counter both the dissemination and the potential impact of such malware. However, current attestation approaches are not well suited for mobile platforms and crucial Trusted Computing components are still missing for them. Our approach introduces the necessary Trusted Computing building blocks for the Android platform. Furthermore, we detail how the permissions that are used by an Android phone's installed apps can be attested to a remote party at runtime. Additionally, we highlight areas that are subject of future work.