laying a secure foundation for mobile devices
play

Laying a Secure Foundation for Mobile Devices Stephen Smalley - PowerPoint PPT Presentation

Mar 13, 2024 •384 likes •775 views

Laying a Secure Foundation for Mobile Devices Stephen Smalley Trusted Systems Research National Security Agency Trusted Systems Research Trusted Systems Research Conduct and sponsor research to provide information assurance for national

  1. Laying a Secure Foundation for Mobile Devices Stephen Smalley Trusted Systems Research National Security Agency

  2. Trusted Systems Research Trusted Systems Research ● Conduct and sponsor research to provide information assurance for national security systems. ● Enabling safe operation in risky or compromised environments. ● Research into cryptographic algorithms and protocols, system analysis and design methods, trust mechanisms, and systems behavior. ● Creators of SE Linux, Xen Security Modules, Linux Kernel Integrity Monitor, and SE Android. 2

  3. Our Motivation Our Motivation ● Increasing demand to use mobile devices. ● NSA Mobility Program ● Desire to use commodity solutions. ● NSA Commercial Solutions for Classified (CSfC) ● Risks posed by currently available solutions. ● Exploitation over wireless, radio, NFC, ... ● Data Leakage ● Application privilege escalation 3

  4. Why It Matters for Everyone Why It Matters for Everyone ● Explosion in mobile malware. ● Rapid growth, increasing sophistication. ● Increasing market drivers for mobile device attacks. ● Payment, banking, remote control. ● BYOD trend for corporate/enterprise use. ● Increasing use of mobile platforms in non-traditional venues, including safety-critical. ● It isn't just a problem for government use. 4

  5. A Step in the Right Direction A Step in the Right Direction ● NSA Security Enhanced (SE) Android project. ● Identify and address critical gaps in the security of Android. ● Why Android? ● Open source platform: suitable for a reference implementation accessible to anyone. ● Broad market adoption: opportunity to improve the security of a widely used mobile platform. 5

  6. Android Security Concerns Android Security Concerns ● Weak separation. Apps ● Prone to privilege Browser Email Contacts Phone escalation. ● Lack of support for Android enforcing Linux organizational Hardware security goals. 6

  7. Secure Solutions on Android Secure Solutions on Android Security Concerns Apps ● Exposure of secrets. Thin VOIP VPN DAR ● Protection of app Client mechanisms and Android configurations. Linux ● No guaranteed Hardware invocation. 7

  8. Building on a Solid Foundation Building on a Solid Foundation ● Critical role of operating system protection mechanisms in supporting higher level security goals. The Inevitability of Failure: The Flawed Assumption of Security ● in Modern Computing Environments, 21 st NISSC, Oct 1998. Flexible Mandatory Access Control (MAC) as a key mechanism ● ● SE Linux as a well-established foundation for mitigating threats posed by flawed and malicious applications. 8

  9. SE Android Enhancements ● Kernel Mandatory Access Control (MAC). ● SELinux-based. ● Root exploits are no longer fatal. ● Apps can be strongly separated. ● Middleware Mandatory Access Control (MMAC). ● Taking Android permissions out of the hands of users and apps. 9

  10. Effective Against Root Exploits Vulnerable Apps ● GingerBreak ● Skype ● Exploid ● Lookout Mobile Security ● Zimperlich ● Opera Mobile ● RageAgainstTheCage ● Mempodroid ● KillingInTheNameOf 10

  11. SE Android: Security Benefits Apps ✔ Strong separation of apps. ✔ Prevents privilege Thin VOIP VPN DAR escalation by apps. Client ✔ Enforces organizational SEAndroid security goals. ✔ Protects app mechanisms SELinux & configurations. Hardware 11

  12. SE Android: Residual Risks ➢ Kernel vulnerability. Apps ➢ Platform component vulnerability. Thin VOIP VPN DAR ➢ Loading an Client unauthorized OS / SEAndroid configuration. SELinux Hardware 12

  13. Addressing the Risks ● Requires mechanisms outside the scope of what any operating system mechanism can provide. ● Cannot be addressed via SE Android. ● Also true for SE Linux (or any other secure OS). ● Two key enablers emerged in commodity PC hardware: ● Virtualization ● Trusted Computing 13

  14. Secure Virtual Platform (SVP) ● NSA research program dating back to circa 2002. ● Explored the use of emerging hardware support for virtualization and trusted computing to address these same kinds of concerns for SE Linux. ● Investigated application of virtualization and trusted computing to construct an overall secure system architecture. 14

  15. Basic Virtualization Apps Security Benefits Apps Thin ✔ Guest kernel vulnerability VPN Apps Client Thin VPN SEAndroid Client Thin contained to single VM. VPN Client SELinux SEAndroid ✔ Isolated environments via SEAndroid SELinux VM-1 SELinux separate VMs. VM-2 VM-3 VMM Hardware 15

  16. Secure Virtualization Apps Security Benefits Apps Thin ✔ Platform component VPN Apps Client Thin VPN vulnerability contained to SEAndroid Client Thin VPN Client SELinux SEAndroid single VM. SEAndroid SELinux VM-1 ✔ VM interactions and SELinux VM-2 VM-3 privileges controlled by MAC policy. VMM Hardware 16

  17. Virtualization for Security Security Benefits Storage Apps DAR Driver ✔ Driver isolation. Thin VM-4 VM-5 Client ✔ Protection of security SEAndroid services. Wireless SELinux VPN ✔ Assured invocation of Driver VM-1 VM-2 VM-3 security services. VMM Hardware 17

  18. Virtualization instead of SE Android? ● Virtualization does not eliminate the need for a secure OS. ● Unable to enforce security goals within guest OS. ● Does not address need for controlled sharing. ● Does not protect the data as it is being processed. ● Still need to protect shared services & control plane. ● Limited scalability and flexibility. 18

  19. Trusted Computing Security Benefits Apps ✔ Verifiable, trustworthy report of loaded software & Thin VOIP VPN DAR configuration. Client ✔ Protection of long term SEAndroid secrets from leakage or misuse by unauthorized SELinux software. Hardware TPM RTM ✔ Hardware roots of trust. 19

  20. Trusted Computing & Virtualization Security Benefits ✔ Extend same benefits to Apps each VM. LKIM SEAndroid ✔ Scalable measurement & SELinux VM-1 VM-2 vTPM attestation. vTPM ✔ Runtime integrity measurement of VMs. VMM RTM TPM Hardware 20

  21. Trusted Computing instead of SE Android? ● Trusted Computing ≠ Secure Computing. ● Does not remove vulnerabilities in design or implementation. ● Provides a way to validate system assumptions for secure computing. ● Did the device boot the expected secure OS? ● Is the secure OS running in the expected state? ● Not a substitute for a secure OS. 21

  22. SVP Technology Transfer ● Some SVP concepts and code contributed to open source. ● Xen Security Modules / Flask, vTPM, Linpicker ● openAttestation ● Partial realization in commercial products and solutions. ● XenClient XT product ● AFRL SecureView solution 22

  23. XenClient XT/SecureView XenClient XT/SecureView Guest OS Dom0 Guest OS (Linux, UIVM (Linux, Windows) Windows) Network NILFVM Driver Domain Xen with Xen Security Modules / Flask Hardware TPM RTM 23

  24. SVP: Going Mobile ● Originally implemented on PC hardware. ● Able to leverage PC hardware primitives for virtualization and trusted computing. ● Including TPM, RTM, IOMMU capabilities. ● Directly transferred to laptops. ● Being leveraged in real solutions. ● Successfully ported to x86-based tablets. 24

  25. Tablet (x86) Architecture Tablet (x86) Architecture Dom0 INE Wireless SE Android Driver Domain VPN VPN2 Xen with XSM RTM Hardware TPM 25

  26. SVP for ARM: Virtualization ● Leveraging OKL4 microvisor for para- virtualization. ● Looking ahead to ARM virtualization extensions. 26

  27. OKL4-based Architecture 27

  28. Concerns with ARM virtualization ● Lack of mature, deployed virtualization solutions for ARM. ● Need for OEM cooperation. ● Frequent lack of IOMMU support. ● Static configuration of VMs. 28

  29. SVP for ARM: Trusted Computing ● TrustZone as the likely foundation. ● Becoming more commonly available. ● Provides support for isolated execution and protected storage. ● Possible to tie to hardware root of trust. ● Possible place to host a MTM. 29

  30. TrustZone Source: www.arm.com/products/processors/technologies/trustzone.php 30

  31. Concerns with TrustZone ● No measured launch or attestation for secure monitor and secure world OS. ● Lack of widely available MTM implementations with standard APIs. ● Lack of / unclear state of separation of trusted applications. ● Lack of public details on many aspects of implementation important to security. ● Variability across hardware. 31

  32. TrustZone instead of SE Android? ● Cannot address all security concerns of interest. ● Cannot protect data as it is being processed within the normal world. ● Similar to discussion of virtualization. ● Trying to address all security concerns via TrustZone will only lead to functional and API bloat, making it less secure. ● Also requires secure OS functionality for the secure world. 32

  33. TrustZone instead of Virtualization? ● Only supports secure world vs non-secure world partitioning. ● Cannot support multiple VM architecture for security. ● Would likewise end up pushing too much functionality into TrustZone secure world. 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise

Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise

in case it gets lost or stolen, enterprises also require easy administration, patching, Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise to corporate resources etc. These requirements become more

545 views • 9 slides
Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW

Localization ocalization of mobile devices of mobile devices L Seminar: Mobile Computing IFW C42 Tuesday, 29th May 2001 Roger Zimmermann Overview Overview Introduction Why Technologies Absolute Positioning Relative

314 views • 30 slides
MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing

MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing

MOBICEAL: TOWARDS SECURE AND PRACTICAL PLAUSIBLY DENIABLE ENCRYPTION ON MOBILE DEVICES Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen- Tao Zhu, Yangguang Tian, Zhan Wang and Albert Ching OVERVIEW 1. What is Plausibly Deniable Encryption

657 views • 28 slides
AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan

AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan

Information Systems Architecture Science Research Division AdHocPairing Spontaneous audio based secure device pairing for Android mobile devices Stephan Sigg, Ngu Nguyen, An Huynh and Yusheng Ji iwssi 2012, 18.06.2012, Newcastle Motivation

349 views • 12 slides
Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM

Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM

Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM Implementation of for Mobile Devices for Mobile Devices Sang- -bum bum Suh Suh Sang sbuk.suh@samsung.com sbuk.suh@samsung.com SW Laboratories SW

598 views • 48 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal

A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal

A Lightweight Secure Cyber Foraging Infrastructure for Resource-Constrained Devices Sachin Goyal and John Carter School of Computing University of Utah 1 Todays Computing Environments Small, embedded, mobile devices Ubiquitous

245 views • 22 slides
A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years

A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years

A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years The Indiana Masonic Home was established to care for widows and orphaned children of Masons in 1915. Through the years, the community grew and demand

402 views • 25 slides
Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco,

Secure Mobile Mobile Gambling Gambling Secure RSA Conference 2001 San Francisco, California, April 2001 Markus Jakobsson David Pointcheval David Pointcheval Adam Young Dept dInformatique Lockheed Martin Bell Laboratories Lucent

429 views • 7 slides
Laying a Solid Foundation for Learning: Lessons from the Kom MLE Project in Cameroon Paul

Laying a Solid Foundation for Learning: Lessons from the Kom MLE Project in Cameroon Paul

Laying a Solid Foundation for Learning: Lessons from the Kom MLE Project in Cameroon Paul FrankSIL LEAD and SIL International What is MLE? Mother tongue-based multilingual education (MTB- MLE or just MLE) Using the childs

375 views • 19 slides
Thank you! Type on your phones: WWW.SLIDO.COM Join with Event Code #C419 Laying the Foundation:

Thank you! Type on your phones: WWW.SLIDO.COM Join with Event Code #C419 Laying the Foundation:

Questions for our Speakers Thank you! Type on your phones: WWW.SLIDO.COM Join with Event Code #C419 Laying the Foundation: Trends that will shape the future. PEGGY VAN DE PLASSCHE MANAGING PARTNER, 113 VENTURES 4 Digital

507 views • 22 slides
Laying the Foundation for the Future of Higher Education in Texas Higher Education Strategic

Laying the Foundation for the Future of Higher Education in Texas Higher Education Strategic

Laying the Foundation for the Future of Higher Education in Texas Higher Education Strategic Planning Committee Recommendations Closing the Gaps by 2015 Progress on the four broad goals Participation : On track for 2014 target. Need about

323 views • 17 slides
Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives

Mobile Devices Mobile Devices NAGTRI Webinar Series NCJRL / NAAG Objectives Objectives Identify mobile devices Identify mobile devices Learn how mobile devices obtain and transmit information transmit information Identify

863 views • 68 slides
devices Im going to be talking about how we hold and interact our mobile devices And how

devices Im going to be talking about how we hold and interact our mobile devices And how

Im going to be introducing you to ergonomics More specifically ergonomics in terms of designing touch interfaces for mobile devices Im going to be talking about how we hold and interact our mobile devices And how you can use

1.12k views • 62 slides
Laying the Foundation for Complete Streets, September 25, 2015 Complete Streets from NHDOTs

Laying the Foundation for Complete Streets, September 25, 2015 Complete Streets from NHDOTs

Laying the Foundation for Complete Streets, September 25, 2015 Complete Streets from NHDOTs Perspective: Big Projects Lane Space Re-allocation William Oldenburg, Asst. Director of Project Development US 302/NH 10, Littleton, NH

664 views • 35 slides
SECTORAL DEBATE PRESENTATION Laying the Foundation Providing the Solutions Preparing for

SECTORAL DEBATE PRESENTATION Laying the Foundation Providing the Solutions Preparing for

SECTORAL DEBATE PRESENTATION Laying the Foundation Providing the Solutions Preparing for the Future . THE HONOURABLE DR. MORAIS GUY, MP MINISTER WITHOUT PORTFOLIO (HOUSING) MINISTRY OF TRANSPORT, WORKS & HOUSING May 21, 2013 I

572 views • 32 slides
Chapter 1 Historical Elements how did we get here? Key Chapter Questions What are the

Chapter 1 Historical Elements how did we get here? Key Chapter Questions What are the

Game Development Essentials: An Introduction Third Edition Chapter 1 Historical Elements how did we get here? Key Chapter Questions What are the significant milestones in the history of electronic game development? Who are game

513 views • 29 slides
Department of Transportation State Highway Administration Report dated November 15, 2012

Department of Transportation State Highway Administration Report dated November 15, 2012

Department of Legislative Services Office of Legislative Audits Department of Transportation State Highway Administration Report dated November 15, 2012 Department of Legislative Services Office of Legislative Audits Audit Overview The

711 views • 14 slides
State Sales Tax in the Digital Economy: Navigating Electronic Taxability and the Factor Presence

State Sales Tax in the Digital Economy: Navigating Electronic Taxability and the Factor Presence

FOR LIVE POGRAM ONLY State Sales Tax in the Digital Economy: Navigating Electronic Taxability and the Factor Presence Rule Determining When and Where Your Services and Products Trigger Liability THURSDAY , JANUARY 26, 2017, 1:00-2:50 pm Eastern

1.03k views • 76 slides
Teacher Rewards Program 2018 - 2019 RITE Teacher Rewards 2018 2019 Auburn Career Center

Teacher Rewards Program 2018 - 2019 RITE Teacher Rewards 2018 2019 Auburn Career Center

Teacher Rewards Program 2018 - 2019 RITE Teacher Rewards 2018 2019 Auburn Career Center Laura Ciszewski Participated in: Mobile Applications/Technology World Wide Classroom Information High School Tech Camp (provided Student

425 views • 19 slides
The Ecosan Source Book, Tool Box and Data Sheet- GTZ Information Support for Ecological Sanitation

The Ecosan Source Book, Tool Box and Data Sheet- GTZ Information Support for Ecological Sanitation

The Ecosan Source Book, Tool Box and Data Sheet- GTZ Information Support for Ecological Sanitation Christine Werner, Florian Klingel, Patrick Bracken Deutsche Gesellschaft fr Technische Zusammenarbeit (GTZ) GmbH ecological sanitation

677 views • 16 slides
ENVIRONMENTALLY SUSTAINABLE TRANSPORT (EST) FORUM IN ASIA 2-5 OCTOBER 2018, ULAANBAATAR,

ENVIRONMENTALLY SUSTAINABLE TRANSPORT (EST) FORUM IN ASIA 2-5 OCTOBER 2018, ULAANBAATAR,

ELEVENTH REGIONAL ENVIRONMENTALLY SUSTAINABLE TRANSPORT (EST) FORUM IN ASIA 2-5 OCTOBER 2018, ULAANBAATAR, MONGOLIA PRESENTATION OF MALDIVES CONTENTS 1. MALDIVES PROFILE 2. TRANSPORTATION IN MALDIVES 3. WORK TOWARDS A SUSTAINABLE

910 views • 34 slides
Building Bridges to Success: Building Bridges to Success: Empowering American Indian Males

Building Bridges to Success: Building Bridges to Success: Empowering American Indian Males

Building Bridges to Success: Building Bridges to Success: Empowering American Indian Males Empowering American Indian Males Empowering American Indian Males Empowering American Indian Males Maricopa Community Colleges Maricopa Community Colleges

516 views • 32 slides
BACK IN TIME: BACK IN TIME: WHAT WOULD YOU DO? WHAT WOULD YOU DO? Gro Group 1: up 1: You are

BACK IN TIME: BACK IN TIME: WHAT WOULD YOU DO? WHAT WOULD YOU DO? Gro Group 1: up 1: You are

BACK IN TIME: BACK IN TIME: WHAT WOULD YOU DO? WHAT WOULD YOU DO? Gro Group 1: up 1: You are a group of people split equally between males and females that mostly descend from a common, recent, ancestor (great-great grandfather,

617 views • 13 slides

More recommend