LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
SELinux: NSA's Open Source Security Enhanced Linux
SELinux: NSA's Open Source Security Enhanced Linux
Hi-index | 0.00 |
Recently, it becomes increasingly important to secure user private data in mobile devices. To protect user private data, one possible approach is to implement a secure file storage in the mobile devices based on mandatory access control (MAC), but the device manufacturers seldom implement it because of high pressure of time-to-market, frequent version upgrade of the operating system, and no unanimous agreement in the MAC standard software. In this paper, we propose an implementation study of a secure file storage, called a ghost drive, which can facilitate the implementation of MAC in the mobile devices by unburdening the manufacturers from aggressive instrumentation of the whole operating system. Since our implementation is in form of a loadable kernel module, separated from the main kernel, it can be deployed even to commercial mobile devices already in use by installing it over the air. Our experiments show that the performance of our secure storage implementation is not worse than the original unmodified implementation.