A Multi-Layer Mandatory Access Control Mechanism for Mobile Devices Based on Virtualization

4 Author(s)
Sung-Min Lee ; SAMSUNG ELECTRON. CO. LTD., Suwon ; Sang-Bum Suh ; Bokdeuk Jeong ; Sangdok Mo

In this paper we present a multi-layer mandatory access control mechanism (ACM) for mobile devices based on system virtualization technology. We discuss a detailed threat model for mobile devices in the real world in order to develop an ACM fitted to mobile devices. Then, we propose a novel multi-layer access control mechanism for mobile devices, which provides strong protection against the identified mobile threats as well as performance efficiency. Our Virtual Machine Monitor (VMM) and secure domain have independent access control modules to effectively control a mobile device's resources. The access control module at the VMM controls access requests from a domain to physical/virtual resources in order to confine resource sharing among domains for confidentiality. It also protects a mobile device against DoS attacks that drain limited system resources such as battery and memory, to guarantee availability. In addition, access control at the secure domain enforces fine-grained control of resources (e.g., file system access control) in the upper layer without degrading the performance of a mobile device through additional hypercall invocations. Furthermore, there is no bypass of our access control, since our ACM is placed inside the VMM, which is simple and small enough to verify its safety, and we eliminated the chance of VMM corruption by checking the integrity of the VMM, including the ACM, during bootstrap time.

Published in:

2008 5th IEEE Consumer Communications and Networking Conference

Date of Conference:

10-12 Jan. 2008