10.5 Conclusion
We have examined and discussed the security architecture of today's Smartphone
platforms. Overall, we recognized quite sophisticated technical approaches to
guarantee the security of Smartphones and their applications; however, it seems
unlikely that these efforts will suffice to prevent attackers from causing
significant damage in the future: the Smartphone platform itself is just too
attractive for attackers and too complex.

One interesting technical challenge is maintaining an open model for deploying
applications, as e.g. Android suggests, versus a centrally controlled environment
like that of Apple. The open model obviously has harder problems to solve on the
device side to maintain secure operation of Smartphones. Achieving this is
certainly one of today's major challenges in system and application security.

In the long run, we cannot see how to tackle this problem by only statically
considering applications and data: we argue that dynamic approaches are needed,
and, in particular, that data flow during run time on Smartphone platforms needs
to be taken into account. We sketched ongoing research that is based on this
principle and aims at providing dynamically changing access control systems that
can potentially provide stronger security for Smartphone platforms in the long run.