Securing display path for security-sensitive applications on mobile devices

Computers, Materials and Continua

Volumn 55, Issue 1, 2018, Pages 17-35

  Cui, Jinhua ^a,b   Zhang, Yuanyuan ^c   Cai, Zhiping ^a   Liu, Anfeng ^d   Li, Yangyang ^e  

^a NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY   (China)

^b SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

^c FUJIAN NORMAL UNIVERSITY   (China)

^d CENTRAL SOUTH UNIVERSITY   (China)

^e China Academy of Electronics and Information Technology   (China)

Author keywords

Display path; Mobile device; Secure display; Trust anchor; Trusted computing base; Virtualization

Indexed keywords

ARM PROCESSORS; MOBILE DEVICES; MOBILE SECURITY; NETWORK SECURITY; VIRTUALIZATION;

HARDWARE VISUALIZATION; LINES OF CODE; SECURE DISPLAY; SENSITIVE APPLICATION; SENSITIVE DATAS; SMART DEVICES; SOFTWARE VULNERABILITIES; TRUSTED COMPUTING BASE;

DISPLAY DEVICES;

EID: 85046683449     PISSN: 15462218     EISSN: 15462226     Source Type: Journal    
DOI: 10.3970/cmc.2018.055.017     Document Type: Article

References (56)

1. Alves, T. (2004): Trustzone: Integrated hardware and software security. White Paper.
2. ARM (2010): Cortex-a9 technical reference manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0388f/DDI0388F-cortex-a9-r2p2-trm.pdf.
3. Azab, A. M.; Ning, P.; Shah, J.; Chen, Q. (2014): Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 90-102.
4. Bianchi, A.; Corbetta, J.; Invernizzi, L.; Fratantonio, Y. (2015): What the app is that? Deception and countermeasures in the android user interface. Security and Privacy, pp. 931-948.
5. Chen, Q.; Qian, Z.; Mao, Z. (2014): Peeking into your app without actually seeing it: Ui state inference and novel android attacks. USENIX Security Symposium, pp. 1037-1052.
6. Chen, X.; Garfinkel, T.; Lewis, E. C.; Subrahmanyam, P. (2008): Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. ACM SIGOPS Operating Systems Review, vol. 42, no. 2, pp. 2-13.
7. Cheng, Y.; Ding, X. (2013): Guardian: Hypervisor as security foothold for personal computers. International Conference on Trust and Trustworthy Computing, pp. 19-36.
8. Cheng, Y.; Ding, X.; Deng, R. (2013): Appshield: Protecting applications against untrusted operating system. Singapore Management University Technical Report, SMU-SIS-13, vol. 101.
9. Cho, Y.; Shin, J. B.; Kwon, D.; Ham, M. (2016): Hardware-assisted on-demand hyper-visor activation for efficient security critical code execution on mobile devices. USENIX Annual Technical Conference, pp. 565-578.
10. Danisevskis, J.; Peter, M.; Nordholz, J.; Petschick, M.; Vetter, J. (2015): Graphical user interface for virtualized mobile handsets. IEEE S&P MoST.
11. Davi, L.; Gens, D.; Liebchen, C.; Ahmad Reza, S. (2017): Pt-rand: Practical mitigation of data-only attacks against page tables. 24th Annual Network and Distributed System Security Symposium.
12. Dinaburg, A.; Royal, P.; Sharif, M.; Lee, W. (2008): Ether: Malware analysis via hard-ware virtualization extensions. Proceedings of the 15th ACM conference on Computer and Communications Security, pp. 51-62.
13. Eppler, J.; Wang, Y. (2018): Towards improving the security of mobile systems using virtualization and isolation. 2018 4th International Conference on Mobile and Secure Services, pp. 1-6.
14. Epstein, J.; McHugh, J.; Pascale, R.; Orman, H. (1991): A prototype b3 trusted x window system. Computer Security Applications Conference, pp. 44-55.
15. Feske, N.; Helmuth, C. (2005): A nitpicker's guide to a minimal-complexity secure gui. Computer Security Applications Conference, 21st Annual, pp. 85-94.
16. Guan, L.; Liu, P.; Xing, X.; Ge, X.; Zhang, S. et al. (2017): Trustshadow: Secure execution of unmodified applications with arm trustzone. Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, pp. 488-501.
17. Hoanca, B.; Mock, K. J. (2005): Screen oriented technique for reducing the incidence of shoulder surfing. Security and Management, pp. 334-340.
18. Hu, H.; Chua, Z. L.; Adrian, S.; Saxena, P.; Liang, Z. (2015): Automatic generation of data-oriented exploits. USENIX Security Symposium, pp. 177-192.
19. Hu, H.; Shinde, S.; Adrian, S.; Chua, Z. L. (2016): Data-oriented programming: On the expressiveness of non-control data attacks. Security and Privacy, pp. 969-986.
20. Huang, M.; Liu, Y.; Zhang, N.; Xiong, N.; Liu, A. et al. (2018): A services routing based caching scheme for cloud assisted crns. IEEE Access.
21. Jiang, X.; Wang, X. (2007): "out-of-the-box" monitoring of vm-based high-interaction honeypots. International Workshop on Recent Advances in Intrusion Detection, pp. 198-218.
22. Li, J.; Wang, Z.; Jiang, X.; Grace, M.; Bahram, S. (2010): Defeating return-oriented rootkits with return-less kernels. Proceedings of the 5th European conference on Computer Systems, pp. 195-208.
23. Li, Y.; Cai, Z.; Xu, H. (2018): Llmp: Exploiting lldp for latency measurement in software-defined data center networks. Journal of Computer Science and Technology, vol. 33, no. 2, pp. 277-285.
24. Lin, C. C.; Li, H.; Zhou, X. Y.; Wang, X. (2014): Screenmilker: How to milk your android screen for secrets. NDSS.
25. Litty, L.; Lagar Cavilla, H. A.; Lie, D. (2008): Hypervisor support for identifying covertly executing binaries. USENIX Security Symposium, pp. 243-258.
26. Liu, F.; Li, T. (2018): A clustering-anonymity privacy-preserving method for wearable iot devices. Security and Communication Networks.
27. Logic, T. (2012): Trusted foundations by trusted logic mobility. http://www.arm.com/community/partners/display/product/rw/ProductId/5393/.
28. McCune, J. M.; Li, Y.; Qu, N.; Zhou, Z. (2010): Trustvisor: Efficient tcb reduction and attestation. 2010 IEEE Symposium on Security and Privacy, pp. 143-158.
29. McCune, J. M.; Parno, B. J.; Perrig, A.; Reiter, M. K.; Isozaki, H. (2008): Flicker: An execution infrastructure for tcb minimization. ACM SIGOPS Operating Systems Review, vol. 42, pp. 315-328.
30. Miluzzo, E.; Varshavsky, A.; Balakrishnan, S.; Choudhury, R. R. (2012): Tapprints: Your finger taps have fingerprints. Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, pp. 323-336.
31. Oikonomakos, P.; Fournier, J.; Moore, S. (2006): Implementing cryptography on tft technology for secure display applications. International Conference on Smart Card Research and Advanced Applications, pp. 32-47.
32. Pradeep, A.; Mridula, S.; Mohanan, P. (2016): High security identity tags using spiral resonators. Computers, Materials & Continua, vol. 52, no. 3, pp. 185-195.
33. Riley, R.; Jiang, X.; Xu, D. (2008): Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. International Workshop on Recent Advances in Intrusion Detection, pp. 1-20.
34. Riley, R.; Jiang, X.; Xu, D. (2009): Multi-aspect profiling of kernel rootkit behavior. Proceedings of the 4th ACM European Conference on Computer Systems, pp. 47-60.
35. Sani, A. A.; Zhong, L.; Wallach, D. S. (2014): Glider: A gpu library driver for improved system security. Operating Systems.
36. Shen, D.; Li, Z.; Su, X.; Ma, J.; Deng, R. (2018): Tinyvisor: An extensible secure framework on android platforms. Computers & Security, vol. 72, pp. 145-162.
37. Sierraware (2013): Open virtualization's sierravisor and sierratee. http://www.openvirtualization.org.
38. Smowton, C. (2009): Secure 3D graphics for virtual machines. Proceedings of the Second European Workshop on System Security, pp. 36-43.
39. Steinberg, U.; Kauer, B. (2010): Nova: A microhypervisor-based secure virtualization architecture. Proceedings of the 5th European conference on Computer systems, pp. 209-222.
40. Strackx, R.; Piessens, F. (2012): Fides: Selectively hardening software application com-ponents against kernel-level or process-level malware. Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 2-13.
41. Sun, H.; Sun, K.; Wang, Y.; Jing, J.; Wang, H. (2015): Trustice: Hardware-assisted isolated computing environments on mobile devices. Dependable Systems and Networks, pp. 367-378.
42. Sun, W.; Cai, Z.; Li, Y.; Liu, F.; Fang, S. et al. (2018): Security and privacy in the medical internet of things. Security and Communication Networks.
43. Tang, J.; Liu, A.; Zhang, J.; Xiong, N. N.; Zeng, Z. et al. (2018): A trust-based secure routing scheme using the traceback approach for energy-harvesting wireless sensor networks. Sensors, vol. 18, no. 3, pp. 751.
44. Tian, C.; Wang, Y.; Liu, P.; Zhou, Q.; Zhang, C. et al. (2017): Im-visor: A pre-ime guard to prevent ime apps from stealing sensitive keystrokes using trustzone. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 145-156.
45. Tian, K.; Dong, Y.; Cowperthwaite, D. (2014): A full gpu virtualization solution with mediated pass-through. USENIX Annual Technical Conference, pp. 121-132.
46. Wang, X.; Chen, Y.; Wang, Z.; Qi, Y.; Zhou, Y. (2015): Secpod: A framework for virtualization-based security systems. USENIX Annual Technical Conference, pp. 347-360.
47. Wang, Z.; Jiang, X.; Cui, W.; Ning, P. (2009): Countering kernel rootkits with lightweight hook protection. Proceedings of the 16th ACM conference on Computer and communications security, pp. 545-554.
48. Winter, J. (2012): Experimenting with arm trustzone - or: How i met friendly piece of trusted hardware. Trust, Security and Privacy in Computing and Communications (Trust-Com), pp. 1161-1166.
49. Xia, J.; Cai, Z.; Xu, M. (2018): An active defense solution for arp spoofing in openflow network. Chinese Journal of Electronics.
50. Xu, Z.; Bai, K.; Zhu, S. (2012): Taplogger: Inferring user inputs on smartphone touch-screens using on-board motion sensors. Proceedings of the 5th ACM conference on Security and Privacy in Wireless and Mobile Networks, pp. 113-124.
51. Yamamoto, H.; Hayasaki, Y.; Nishida, N. (2004): Secure information display with limited viewing zone by use of multi-color visual cryptography. Optics Express, vol. 12, no. 7, pp. 1258-1270.
52. Yu, M.; Gligor, V. D.; Zhou, Z. (2015): Trusted display on untrusted commodity platforms. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 989-1003.
53. Yuan, C.; Li, X.; Wu, Q.; Li, J.; Sun, X. (2017): Fingerprint liveness detection from different fingerprint materials using convolutional neural network and principal component analysis. Computers, Materials & Continua, vol. 53, no. 3, pp. 357-371.
54. Zhang, H.; Cai, Z.; Liu, Q.; Xiao, Q.; Li, Y. et al. (2018): A survey on security-aware measurement in sdn. Security and Communication Networks.
55. Zhou, Z.; Gligor, V. D.; Newsome, J.; McCune, J. M. (2012): Building verifiable trusted path on commodity x86 computers. Security and Privacy, pp. 616-630.
56. Zhou, Z.; Yu, M.; Gligor, V. D. (2014): Dancing with giants: Wimpy kernels for on-demand isolated I/O. Security and Privacy, pp. 308-323.