Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial and online social networks and are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift is creating new challenges, as the smart phone environment is becoming a suitable platform for security- and privacy-sensitive applications. The need for a strong security architecture for this environment is becoming paramount, especially from the point of view of Secure Application Execution (SAE). In this chapter, we explore SAE for applications on smart phone platforms, to ensure application execution is undertaken as expected by the application provider. Most of the proposed SAE proposals are based on having a secure and trusted embedded chip on the smart phone. Examples include the GlobalPlatform Trusted Execution Environment, M-Shield and Mobile Trusted Module. These additional hardware components, referred to as secure and trusted devices, provide a secure environment in which the applications can execute security-critical code and/or store data. These secure and trusted devices can become the target of malicious entities; therefore, we need to have a strong framework to validate and secure the code execution on such devices. This chapter discusses how we can provide an assurance that applications executing on such devices are secure by validating the secure and trusted hardware.
|Title of host publication||The New Codebreakers|
|Editors||Peter A. Ryan, David Naccache, Jean-Jacques Quisquater|
|Number of pages||22|
|Publication status||Published - 18 Mar 2016|
|Name||Lecture Notes in Computer Science|