Taming the Robots - Enhancing Security of Mobile Devices with Multiple Personalities

Presented at ToorCon San Diego 14 (2012), Oct. 20, 2012, 5 p.m. (50 minutes).

Smartphones and tablet devices became many people's primary hub to manage their digital life. There is a recent trend to use privately owned mobile devices in corporate environments which poses (BYOD) serious threats on the security of corporate data. Previous research has shown that current mobile operating systems are not secure. However, a secure platform is mandatory for future BYOD and other emerging applications such as micropayment.

Instead of trying to harden Android, we developed a secure system architecture to run trusted and non-trusted software side-by-side. We apply an efficient sandboxing mechanism to the Android software stack that allows us to run multiple instances of Android in strictly isolated partitions. This architecture enables us to introduce powerful security features to Android such as out-of-band security analysis or mandatory transparent data encryption.

In this talk we present our microkernel based security architecture. We will give details on how we sandboxed Android while retaining good performance. Special attention is given on how our architecture enforces strict resource isolation and access control. Finally we will present some examples how this architecture is used to improve Android security.


Presenters:

  • Matthias Lange
    - graduated from university with Master in computer science in 2007 - worked in the industry for two years in the area of embedded systems software - security researcher at TU Berlin, Germany since 2009 with emphasis on secure system architectures on embedded systems and mobile virtualization

Similar Presentations: