A secure architecture for operating system-level virtualization on mobile devices

Information security and cryptology. 11th international conference, Inscrypt 2015

Authors: Manuel Huber, Julian Horsch, Michael Velten, Michael Weiss, and Sascha Wessel
Year/month: 2015/11
Booktitle: Information security and cryptology. 11th international conference, Inscrypt 2015
Pages: 430-450
Address: Beijing, China
Organization: Springer International Publishing
Fulltext: click here

Abstract

In this paper, we present a novel secure architecture for OS-level virtualization on mobile devices. OS-level virtualization allows multiple userland OS instances to be operated simultaneously on one physical device. Compared to previous approaches, our main objective is the confidentiality of sensitive user data stored on the device. We isolate the OS instances by restricting them to a set of minimal, controlled functionality and allow communication between components exclusively through well-defined channels. With our secure architecture, we therefore go beyond the common deployment of Linux kernel mechanisms, such as namespaces or cgroups. We develop a specially tailored, stacked LSM concept using SELinux and a custom LSM, and leverage Linux capabilities and the cgroups devices subsystem. Based on the architecture, we present secure device virtualization concepts that allow device functionalities to be dynamically assigned to different OS instances. Furthermore, we develop a mechanism for secure switching between the instances. We realize the architecture with a fully functional and performant implementation on the Samsung Galaxy S4 and Nexus 5 mobile devices, running Android 4.4.4 and 5.1.1, respectively. With a systematic security evaluation, we demonstrate that the secure isolation of OS instances provides confidentiality even when large parts of the system are compromised.

Bibtex:

@inproceedings { Huber2015,
author = { Manuel Huber and Julian Horsch and Michael Velten and Michael Weiss and Sascha Wessel},
title = { A secure architecture for operating system-level virtualization on mobile devices },
year = { 2015 },
month = { November },
booktitle = { Information security and cryptology. 11th international conference, Inscrypt 2015 },
address = { Beijing, China },
pages = { 430-450 },
organization = { Springer International Publishing },
url = { https://link.springer.com/chapter/10.1007/978-3-319-38898-4_25 },
}