Cleanos: Limiting mobile data exposure with idle eviction

Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

Volumn , Issue , 2012, Pages 77-91

  Tang, Yang ^a   Ames, Phillip ^a   Bhamidipati, Sravan ^a   Bijlani, Ashish ^a   Geambasu, Roxana ^a   Sarda, Nikhil ^a  

^a Howard Hughes Medical Institute   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); MOBILE TELECOMMUNICATION SYSTEMS; RANDOM ACCESS STORAGE; SYSTEMS ANALYSIS;

CLEAN ENVIRONMENT; CLOUD-BASED; MOBILE APPLICATIONS; MOBILE DATA; SENSITIVE DATAS; SENSITIVE INFORMATIONS; STABLE STORAGE; TRACKING SYSTEM;

MOBILE SECURITY;

EID: 84889034552     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (42)

1. R. Anderson and M. Kuhn. Tamper resistance: A cautionary note. In Proc. of the USENIX Workshop on Electronics Commerce, 1996.
2. Android Developers Blog. Avoiding memory leaks. android-developers.blogspot.com/2009/01/avoiding-memory-leaks.html, 2009.
3. Apple iCloud. Find my iPhone, iPad, and Mac. www.apple.com/icloud/features/find-my-iphone.html, 2012.
4. D. Boneh and R. Lipton. A revocable backup system. In Proc. of USENIX Security, 1996.
5. S. Chen, M. Kozuch, T. Strigkos, and et.al. Flexible hardware acceleration for instruction-grain program monitoring. In Proc. of the Annual International Symposium on Computer Architecture (ISCA), 2008.
6. J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum. Shredding your garbage: Reducing data lifetime through secure deallocation. In Proc. of USENIX Security, 2005.
7. M. D. Corner and B. D. Noble. Zero-interaction authentication. In Proc. of the ACM Annual International Conference on Mobile Computing and Networking, 2002.
8. M. D. Corner and B. D. Noble. Protecting applications with transient authentication. In Proc. of the International Conference on Mobile Systems, Applications, and Services (MobiSys), 2003.
9. L. P. Cox and P. Gilbert. Redflag: Reducing inadvertent leaks by personal machines. Technical Report TR-2009-02, Duke University, 2009.
10. A. M. Dunn, M. Z. Lee, S. Jana, S. Kim, M. Silberstein, Y. Xu, V. Shmatikov, and E. Witchel. Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. In Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2012.
11. EncFS. www.arg0.net/encfs, 2010.
12. W. Enck, P. Gilbert, B. gon Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.
13. Federal Communications Commission. Announcement of new initiatives to combat smartphone and data theft. www.fcc.gov/document/announcement-new-initiativescombat-smartphone-and-data-theft, 2012.
14. Future of Privacy Forum, Center for Democracy & Technology. Best practices for mobile applications developers. www.futureofprivacy.org/wp-content/uploads/Apps-Best-Practices-v-beta.pdf, 2011.
15. R. Geambasu, J. P. John, S. D. Gribble, T. Kohno, and H. M. Levy. Keypad: An auditing file system for theft-prone devices. In Proc. of the ACM European Conference on Computer Systems (EuroSys), 2011.
16. R. Geambasu, T. Kohno, A. Levy, and H. M. Levy. Vanish: Increasing data privacy with self-destructing data. In Proc. of USENIX Security, 2009.
17. Google Inc. MonkeyRunner. developer.android.com/tools/ help/monkeyrunner_concepts.html, 2012.
18. Google Inc. Two-step verification. support.google.com/ accounts/bin/topic.py?hl=en&topic=28786, 2012.
19. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In Proc. of USENIX Security, 2008.
20. Imperva. Consumer password practices. www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf, 2010.
21. Intel Corporation. Laptop security with Intel Anti-Theft technology. www.intel.com/content/www/us/en/architecture- and-technology/anti-theft/anti-theft-general-technology.html, 2012.
22. H. Krawczyk and P. Eronen. HMAC-based extract-and-expand key derivation function (HKDF). tools.ietf.org/html/ rfc5869, 2010.
23. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Proc. of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2000.
24. Lookout Mobile Security. Lost and found: The challenges of finding your lost or stolen phone. blog.mylookout.com/ blog/2011/07/12/lost-and-found-the-challenges-of-finding-your-lost-or-stolen-phone, 2011.
25. P. MacKenzie and M. Reiter. Networked cryptographic devices resilient to capture. In Proc. of USENIX Security, 2001.
26. Microsoft Corporation. Windows 7 BitLocker executive overview. technet.microsoft.com/en-us/library/dd548341(WS.10) .aspx, 2009.
27. Microsoft Corporation. Create strong passwords. www.microsoft.com/security/online-privacy/passwordscreate.aspx, 2012.
28. M. Milian. U.S. government, military to get secure Android phones. www.cnn.com/2012/02/03/tech/mobile/government-android-phones/index.html, 2012.
29. J. Nielsen. Usability Engineering. Morgan Kaufmann, 1994.
30. R. Perlman. File system design with assured delete. In Proc. of the Annual Network and Distributed System Security Symposium (NDSS), 2007.
31. P. A. H. Peterson. Cryptkeeper: Improving security with encrypted RAM. In Proc. of the IEEE International Conference on Technologies for Homeland Security (HST), 2010.
32. Ponemon Institute. The lost smartphone problem. www.mcafee.com/us/resources/reports/rp-ponemonlost-smartphone-problem.pdf, 2011.
33. R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: Protecting confidentiality with encrypted query processing. In Proc. of the ACM Symposium on Operating Systems Principles (SOSP), 2011.
34. N. Provos. Encrypting virtual memory. In Proc. of USENIX Security, 2000.
35. J. Robertson. Security chip that does encryption in PCs hacked. www.usatoday.com/tech/news/computersecurity/2010-02-08-security-chip-pc-hacked_N.htm, 2010.
36. M. Savage. NHS 'loses' thousands of medical records. www.independent.co.uk/news/uk/politics/nhs-losesthousands-of-medical-records-1690398.html, 2009.
37. A. Studer and A. Perrig. Mobile user location-specific encryption (MULE): Using your office as your password. In Proc. of the ACM Conference on Wireless Network Security (WiSec), 2010.
38. Symantec Corporation. PGP whole disk encryption. www.symantec.com/whole-disk-encryption, 2012.
39. Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman. FADE: Secure overlay cloud storage for file assured deletion. In Proc. of the International ICST Conference on Security and Privacy in Communication Networks (SecureComm), 2010.
40. W3C. Mobile app best practices. www.w3.org/TR/mwabp, 2010.
41. A. Whitten and J. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proc. of USENIX Security, 1999.
42. L. Zhang, B. Tiwana, Z. Qian, Z. Wang, R. Dick, Z. M. Mao, and L. Yang. Accurate online power estimation and automatic battery behavior based power model generation for smartphones. In Proc. of the IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis, 2000.