Crossover: secure and usable user interface for mobile devices with multiple isolated OS personalities

Authors:
Matthias Lange;Steffen Liebergeld
Affiliations:
Technische Universität Berlin;Technische Universität Berlin
Venue:
Proceedings of the 29th Annual Computer Security Applications Conference
Year:
2013

Citing 10
Cited 0

Rootkits on smart phones: attacks, implications and opportunities

Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
Towards a trusted mobile desktop

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
The VMware mobile virtualization platform: is that a hypervisor in your pocket?

ACM SIGOPS Operating Systems Review
Virtualizing embedded systems: why bother?

Proceedings of the 48th Design Automation Conference
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Cells: a virtual mobile smartphone architecture

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
L4Android: a generic operating system framework for secure smartphones

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Practical and lightweight domain isolation on Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

Quantified Score

Hi-index	0.00

Visualization

Abstract

Bring your own device policies allow private phones to be used in corporate environments. Solutions with multiple operating system personalities aim at solving the tension between the user's needs and the corporate's security policies. These solutions succeed at isolating personal and corporate information at the data level. But thorough research of the security requirements on the user interface to handle different environments on one device is missing. In this work we define a threat model and derive the pre-requisites for a practical and secure user interface for mobile devices. We designed an UI framework which provides the mechanisms to handle multiple environments on a mobile device. Our design is applicable to several different virtualization solutions. We implemented a prototype that runs on a real device and evaluated it in terms of usability and security.