Securing Smartphones: A Micro-TCB Approach
This addresses security for smartphone users against malware attacks, representing an incremental improvement in trusted computing designs.
The paper tackles smartphone vulnerability to malware by introducing a micro trusted computing base (uTCB) that manages sensitive data independently of the operating system, with a proof-of-concept implementation based on ARM TrustZone evaluated through simulations.
As mobile phones have evolved into `smartphones', with complex operating systems running third- party software, they have become increasingly vulnerable to malicious applications (malware). We introduce a new design for mitigating malware attacks against smartphone users, based on a small trusted computing base module, denoted uTCB. The uTCB manages sensitive data and sensors, and provides core services to applications, independently of the operating system. The user invokes uTCB using a simple secure attention key, which is pressed in order to validate physical possession of the device and authorize a sensitive action; this protects private information even if the device is infected with malware. We present a proof-of-concept implementation of uTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones, and evaluate our implementation using simulations.