TinyVisor: An extensible secure framework on android platforms

Computers and Security

Volumn 72, Issue , 2018, Pages 145-162

  Shen, Dong ^a   Li, Zhoujun ^a   Su, Xiaojing ^b   Ma, Jinxin ^c   Deng, Robert ^d  

^a BEIHANG UNIVERSITY   (China)

^b INSTITUTE OF GEOLOGY AND GEOPHYSICS   (China)

^c CHINA INFORMATION TECHNOLOGY SECURITY EVALUATION CENTER   (China)

^d SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

Author keywords

Android; ARM; Hypervisor; System Security; Virtualization

Indexed keywords

ANDROID (OPERATING SYSTEM); BINDERS; BINS; MOBILE PHONES; NETWORK FUNCTION VIRTUALIZATION; VIRTUAL REALITY; VIRTUALIZATION;

ANDROID; ANDROID PLATFORMS; CODE MODIFICATIONS; GUEST OPERATING SYSTEMS; HYPERVISOR; MALICIOUS ACTIVITIES; SYSTEM SECURITY; VIRTUALIZATION TECHNOLOGIES;

MOBILE SECURITY;

EID: 85030787105     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2017.09.006     Document Type: Article

References (48)

1. Architecture Reference Manual (ARMv7-A and ARMv7-R edition). ARM DDI C, 2008.
2. Aroca, R.V., Gonçalves, L.M.G., Towards green data centers: a comparison of x86 and ARM architectures power efficiency. J Parall Distrib Comput 72:12 (2012), 1770–1780.
3. Artenstein, N., Revivo, I., Man in the binder: He who controls IPC, controls the droid, Black Hat. 2014.
4. Arzt, S., Huber, S., Rasthofer, S., Bodden, E., Denial-of-app attack: Inhibiting the installation of android apps on stock phones. in: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 21–26, 2014.
5. ARM, Fast Models – ARM. Available from http://www.arm.com/products/tools/models/fast-models/, 2011 Accessed 30 August 2015.
6. Azab, A.M., Ning, P., Shah, J., Chen, Q., Bhutkar, R., Ganesh, G., et al. Hypervision across worlds: Real-time kernel protection from the ARM TrustZone secure world. in: Proceedings of the 21st ACM Conference on Computer and Communications Security, pp. 1028–1031, 2014.
7. Bartholomew, D., QEMU: a multihost multitarget emulator. Linux J 2006:145 (2006), 68–71.
8. Bellard, F., QEMU, a fast and portable dynamic translator. in: Conference on Usenix Technical Conference, pp. 41–46, 2005.
9. Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., et al. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. ACM SIGOPS Operat Syst Rev 42:2 (2010), 2–13.
10. Cheng, Y., Ding, X., Deng, R.H., Efficient virtualization-based application protection against untrusted operating system. in: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 345–356, 2015.
11. Chin, E., Felt, A.P., Greenwood, K., Wagner, D., Analyzing inter-application communication in android. in: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, 2011.
12. Dall, C., Nieh, J., Kvm for arm. Proceedings of the Ottawa Linux Symposium, 2010.
13. Dall, C., Nieh, J., KVM/ARM: the design and implementation of the linux ARM hypervisor. ACM SIGARCH Comput Architect News 42:1 (2014), 333–348, 10.1145/2541940.2541946 Available from http://doi.acm.org/10.1145/2541940.2541946.
14. Ding, J.-H., Lin, C.-J., Chang, P.-H., Tsang, C.-H., Hsu, W.-C., Chung, Y.-C., ARMvisor: System virtualization for ARM. in: Proceedings of the Ottawa Linux Symposium, pp. 93–107, 2012.
15. Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., et al. Taintdroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun ACM 57:3 (2010), 99–106.
16. Heiser, G., Leslie, B., The okl4 microvisor: convergence point of microkernels and hypervisors. in: ACM SIGCOMM Asia-Pacific Workshop on Systems, Apsys 2010, New Delhi, India, pp. 19–24, August, 2010.
17. Hofmann, O.S., Kim, S., Dunn, A.M., Lee, M.Z., Witchel, E., Inktag: Secure applications on an untrusted operating system. in: Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 253–264. doi:10.1145/2451116.2451146; Available from http://doi.acm.org/10.1145/2451116.2451146, 2013.
18. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D., “These aren't the droids you're looking for”: Retrofitting android to protect data from imperious applications. in: ACM Conference on Computer and Communications Security, pp. 639–652, 2011.
19. Horsch, J., Wessel, S., Transparent page-based kernel and user space execution tracing from a custom minimal arm hypervsior. in: The IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 408–417, 2015.
20. Hwang, J.-Y., bum Suh, S., Heo, S.-K., Park, C.-J., Ryu, J.-M., Park, S.-Y., et al. Xen on ARM: System virtualization using xen hypervisor for ARM-Based secure mobile phones. in: Proceedings of the 5th IEEE Consumer Communications and Networking Conference, pp. 257–261. doi:10.1109/ccnc08.2007.64, 2008.
21. Lee, S.M., Suh, S.B., Jeong, B., Mo, S., A multi-layer mandatory access control mechanism for mobile devices based on virtualization. in: Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE, pp. 251–256, 2008.
22. Lengyel, T.K., Kittel, T., Pfoh, J., Eckert, C., Multi-tiered security architecture for arm via the virtualization and security extensions. in: International Workshop on Database and Expert Systems Applications, pp. 308–312, 2014.
23. Li, D., Multi-platform extension of lightweight virtual machines. [Master's thesis]; Huazhong University of Science and Technology, 2011.
24. Mulliner, C., Robertson, W., Kirda, E., Virtualswindle: an automated attack against in-app billing on android. pp. 459–470, 2014.
25. Nordholz, J., Vetter, J., Peter, M., Junkerpetschick, M., Danisevskis, J., XNPro: low-impact hypervisor-based execution prevention on ARM. in: International Workshop on Trustworthy Embedded Devices, pp. 55–64, 2015.
26. Oh, S.C., Vimo (virtualization for mobile): A virtual machine monitor supporting full virtualization for arm mobile systems. 48–53, 2010.
27. Ou, Z., Pang, B., Deng, Y., Nurminen, J.K., Hui, P., Energy- and cost-efficiency analysis of ARM-based clusters. in: The IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp. 115–123, 2012.
28. Paolino, M., Rigo, A., Spyridakis, A., Fanguède, J., Lalov, P., Raho, D., T-KVM: A Trusted architecture for KVM ARM v7 and v8 Virtual Machines Securing Virtual Machines by means of KVM, TrustZone, TEE and SELinux. in: CLOUD COMPUTING 2015: The Sixth International Conference on Cloud Computing, GRIDs and Virtualization, 2015.
29. Park, M., Yoo, S.H., Yoo, C., Real-time operating system virtualization for xen-arm. 2008.
30. Pendragon Software Corporation, CaffeineMark 3.0. Available from http://www.benchmarkhq.ru/cm30/, 1997 Accessed 20 October 2015.
31. Pozo, R., Miller, B., Java SciMark 2.0. Available from http://math.nist.gov/scimark2, 2004 Accessed 18 March 2017.
32. Rosa, T., Android binder security note: On passing binder through another binder. 2011.
33. Rossier, D., EmbeddedXEN: A revisited architecture of the xen hypervisor to support ARM-based embedded virtualization. White paper, Switzerland, 2012.
34. Shen, D., Zhang, Z., Li, Z., Ding, X., Deng, R., H-Binder: a hardened binder framework on android systems. in: 12th EAI International Conference on Security and Privacy in Communication Networks, pp. 24–43, 2016.
35. Shneiderman, B., Designing the user interface: strategies for effective human-computer interaction. 3rd ed, 1998, Addison-Wesley.
36. Sites, R.L., Binary translation. Commun ACM 36:2 (1993), 69–81.
37. Smith, B., ARM and Intel battle over the mobile chip's future. Computer 41:5 (2008), 15–18.
38. Spaulding, J., Krauss, A., Srinivasan, A., Exploring an open wifi detection vulnerability as a malware attack vector on ios devices. in: International Conference on Malicious and Unwanted Software, pp. 87–93, 2012.
39. Suzuki, A., Oikawa, S., Implementing a simple trap and emulate vmm for the arm architecture. in: IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, pp. 371–379, 2011.
40. Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C.M., Anderson, A.V., et al. Intel virtualization technology. Computer 38:5 (2005), 48–56.
41. Varanasi, P., Implementing hardware-supported virtualization in okl4 on arm. [Ph.D. thesis]; The University of New South Wales, 2010.
42. Wen-Xin, L.I., Wang, J.B., De-Jun, M.U., Yuan, Y., Survey on android rootkit, Microprocessors. 2011.
43. XenProject, Supported Xen Project 4.4 series. Available from http://www.xenproject.org/downloads/xen-archives/xen-44-series.html, 2013 Accessed 7 May 2014.
44. Yang, Y., Qian, Z., Huang, H., A lightweight monitor for android kernel protection. Computer Engineering, 2014.
45. You, D.H., Noh, B.N., Android platform based linux kernel rootkit. in: International Conference on Malicious & Unwanted Software, 2011, 79–87.
46. Zhao, Y., Study of linux kernel virtual machine technology implemented on arm platform. [Master's thesis]; Huazhong University of Science and Technology, 2011.
47. Zhong, M., Study of embedded system security assurance based on virtualization technology. [Master's thesis]; Nankai University, 2013.
48. Zhou, Z., Gligor, V.D., Newsome, J., McCune, J.M., Building verifiable trusted path on commodity x86 computers. in: Proceedings of the 33rd IEEE Symposium on Security and Privacy, pp. 616–630, 2012.