Virtualisation on Mobile Devices · The 2 VPs are completely separated / Isolated VPs can be...
12
Virtualisation on Mobile Devices {Hugo Marques, Nuno Conceição, Luis Pereira}
Transcript of Virtualisation on Mobile Devices · The 2 VPs are completely separated / Isolated VPs can be...
Virtualisation on Mobile Devices{Hugo Marques, Nuno Conceição, Luis Pereira}
Security Approaches for the Mobile Platform
(Mobi)Trust is the “...expectation that a device will behave in a particular manner for a specific purpose”
In a nutshell
TPMTrusted Platform Module
SESecure Elements
Hypervisors & Virtualisation
TEETrusted Execution Environments
HCE +Host Card Emulation
E3Encrypted Execution Environment
Trust technologies, in designing & deploying secure computing
[source: Trusted Computing Group (TCG)]
Containerslightweight virtualization
Why Mobile Virtualisation?
▪ Mobile devices are used for different purposes, some conflicting, for example:
• Gaming and work
• Private use vs Professional use
▪ Mobile virtualization has the potential to allow users to run multiple virtual mobile instances on one physical device;
• Each instance dedicated for a different usage;
• Each instance customized and completely isolated from one another.
▪ So, why did large scale virtualization deployment on the mobile devices failed till now?
• The vast majority of virtualisation solutions followed server virtualization technologies;
• The result was a under performing device (high energy, CPU and memory consumption);
• Leading to an overall poor user experience.
Virtualization of the Mobile platform
▪ Type 1 hypervisor: The hypervisor runs directly on the hardware.
• Given there are enough resources, it has an outstanding performance , nevertheless it incurs in increased CPU, memory and energy consumption, since each virtual machine runs its own full kernel and operating system instance
▪ Type 2 hypervisor: the hypervisor runs on an operating system
• Very good performance with lower overhead (certain portions of the host kernel and operating system instance are shared)
The 2 main virtualisation approaches for Android
[source: Oren Laadan, “Multi-Persona Android”, Android Builders 2014]
Har
dw
are
Vir
tual
isat
ion
No
Vir
tual
isat
ion
OS
Vir
tual
isat
ion
Virtualization of the Mobile platform
▪ 1 virtual phone (VP) running in the Foreground
▪ 1 (for now) VP running in the background.
▪ The 2 VPs are completely separated / Isolated
▪ VPs can be configured tohave:
• No access
• Shared access
• Exclusive access
The Mobitrust approach
The results suggest no noticeable performance difference between the operation of the mobile device with multiple VPs when compared to native device operation
DEMO Video
Thank you for your attention
Backup slides
Virtualization of the Mobile platform
▪ Cells: Lightweight Virtual Smartphones / Columbia Uniersity
▪ Cellrox (based on Cells)
▪ Condroid
▪ Divide Enterproid / Google
▪ Kernel-based Virtual Machine (KVM)
▪ OKL4 Microvisor / OK Labs / General Dynamics
▪ Red Bend / Harman
▪ Trango
▪ VMware Horizon Mobile
▪ Xen Project
Virtualisation solutions tested on the mobile platform
Security Approaches for the Mobile Platform
Secure Element (SE)
Security Approaches for the Mobile Platform
▪ In a nutshell a Secure Element (SE) is a tamper-resistant storage area guarded by strong cryptography.
• It is resilient against physical attacks
• It is somewhat constrained in execution processing capabilities.
▪ In contrast to TPMs, SEs are able to execute secure code and not limited to performing only cryptographic operations.
▪ However: all apps must rely on the same OS services to present information on the screen or receive input from the keyboard.
• Malicious code can potentially intercept information as it’s presented on the screen or typed into the keyboard
Secure Element (SE)
Security Approaches for the Mobile Platform
▪ The TEE is a secure area of the main processor in a device (e.g., smartphone) and ensures that sensitive data is stored, processed and protected in an isolated, trusted environment.
▪ The TEE isolates the code execution from the rest of the system by using hardware capabilities of the platform and it protects the data stored within the TEE from attacks by an external software.
• However TEE is not tamper resistant
• The downside to the TEE (or firmware TPM) is that now the TPM is dependent on many additional aspects to keep it secure, including the TEE operating system, bugs in the application code running in the TEE, etc.
Trusted Execution Environments (TEE)
