Securing Smartphones: A $μ$TCB Approach. Gilad, Y., Herzberg, A., & Trachtenberg, A. IEEE Pervasive Computing, IEEE, 10, 2014. ![Securing Smartphones: A $μ$TCB Approach [link]](https://bibbase.org/img/filetypes/link.svg "link")
Website abstract bibtex As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted µTCB. The µTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes µTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of µTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.
@article{
title = {Securing Smartphones: A $μ$TCB Approach},
type = {article},
year = {2014},
identifiers = {[object Object]},
keywords = {security,smartphone,tpm},
pages = {72-79},
websites = {http://dx.doi.org/10.1109/mprv.2014.72},
month = {10},
publisher = {IEEE},
id = {a1bcc0af-bbee-38f1-beb0-1b74d00497a4},
created = {2018-07-12T21:32:08.749Z},
file_attached = {false},
profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
last_modified = {2018-07-12T21:32:08.749Z},
read = {false},
starred = {false},
authored = {false},
confirmed = {true},
hidden = {false},
citation_key = {gilad:utcb},
source_type = {article},
notes = {They propose to provide better security on smartphones by adding a small trusted-computing software component they call the micro-TCB, which sits between the OS and device inputs. It is transparent to the OS and most applications, but allows the user to enter ” secure” mode by pressing a dedicated ” SAK” key. It provides positive feedback to the user by lighting a dedicated ” secure mode” LED. (Thus this approach requires a dedicated input button, dedicated LED, and special software layer.) They prototype their approach using ARM's TrustZone hardware support. The notion is that the micro-USB supports a secure information store and some secure computations (such as signing a message with a key from the store). The paper is short on details. -- dave},
private_publication = {false},
abstract = {As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted µTCB. The µTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes µTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of µTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.},
bibtype = {article},
author = {Gilad, Yossi and Herzberg, Amir and Trachtenberg, Ari},
journal = {IEEE Pervasive Computing},
number = {4}
}
Downloads: 0
{"_id":"PQxfYmEgRqpcwvmPL","bibbaseid":"gilad-herzberg-trachtenberg-securingsmartphonesatcbapproach-2014","downloads":0,"creationDate":"2019-02-15T15:15:00.814Z","title":"Securing Smartphones: A $μ$TCB Approach","author_short":["Gilad, Y.","Herzberg, A.","Trachtenberg, A."],"year":2014,"bibtype":"article","biburl":null,"bibdata":{"title":"Securing Smartphones: A $μ$TCB Approach","type":"article","year":"2014","identifiers":"[object Object]","keywords":"security,smartphone,tpm","pages":"72-79","websites":"http://dx.doi.org/10.1109/mprv.2014.72","month":"10","publisher":"IEEE","id":"a1bcc0af-bbee-38f1-beb0-1b74d00497a4","created":"2018-07-12T21:32:08.749Z","file_attached":false,"profile_id":"f954d000-ce94-3da6-bd26-b983145a920f","group_id":"b0b145a3-980e-3ad7-a16f-c93918c606ed","last_modified":"2018-07-12T21:32:08.749Z","read":false,"starred":false,"authored":false,"confirmed":"true","hidden":false,"citation_key":"gilad:utcb","source_type":"article","notes":"They propose to provide better security on smartphones by adding a small trusted-computing software component they call the micro-TCB, which sits between the OS and device inputs. It is transparent to the OS and most applications, but allows the user to enter ” secure” mode by pressing a dedicated ” SAK” key. It provides positive feedback to the user by lighting a dedicated ” secure mode” LED. (Thus this approach requires a dedicated input button, dedicated LED, and special software layer.) They prototype their approach using ARM's TrustZone hardware support. The notion is that the micro-USB supports a secure information store and some secure computations (such as signing a message with a key from the store). The paper is short on details. -- dave","private_publication":false,"abstract":"As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted µTCB. The µTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes µTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of µTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.","bibtype":"article","author":"Gilad, Yossi and Herzberg, Amir and Trachtenberg, Ari","journal":"IEEE Pervasive Computing","number":"4","bibtex":"@article{\n title = {Securing Smartphones: A $μ$TCB Approach},\n type = {article},\n year = {2014},\n identifiers = {[object Object]},\n keywords = {security,smartphone,tpm},\n pages = {72-79},\n websites = {http://dx.doi.org/10.1109/mprv.2014.72},\n month = {10},\n publisher = {IEEE},\n id = {a1bcc0af-bbee-38f1-beb0-1b74d00497a4},\n created = {2018-07-12T21:32:08.749Z},\n file_attached = {false},\n profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},\n group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},\n last_modified = {2018-07-12T21:32:08.749Z},\n read = {false},\n starred = {false},\n authored = {false},\n confirmed = {true},\n hidden = {false},\n citation_key = {gilad:utcb},\n source_type = {article},\n notes = {They propose to provide better security on smartphones by adding a small trusted-computing software component they call the micro-TCB, which sits between the OS and device inputs. It is transparent to the OS and most applications, but allows the user to enter ” secure” mode by pressing a dedicated ” SAK” key. It provides positive feedback to the user by lighting a dedicated ” secure mode” LED. (Thus this approach requires a dedicated input button, dedicated LED, and special software layer.) They prototype their approach using ARM's TrustZone hardware support. The notion is that the micro-USB supports a secure information store and some secure computations (such as signing a message with a key from the store). The paper is short on details. -- dave},\n private_publication = {false},\n abstract = {As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted µTCB. The µTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes µTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of µTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.},\n bibtype = {article},\n author = {Gilad, Yossi and Herzberg, Amir and Trachtenberg, Ari},\n journal = {IEEE Pervasive Computing},\n number = {4}\n}","author_short":["Gilad, Y.","Herzberg, A.","Trachtenberg, A."],"urls":{"Website":"http://dx.doi.org/10.1109/mprv.2014.72"},"bibbaseid":"gilad-herzberg-trachtenberg-securingsmartphonesatcbapproach-2014","role":"author","keyword":["security","smartphone","tpm"],"downloads":0},"search_terms":["securing","smartphones","tcb","approach","gilad","herzberg","trachtenberg"],"keywords":["security","smartphone","tpm"],"authorIDs":[]}