End to End Trusted Path for Embedded Devices and Applications
Agency / Branch:
DOD / USAF
ABSTRACT: Smartphones are powerful computing devices that manipulate, store and transmit sensitive data and are becoming increasingly popular for malware attacks as a result. In order to use them for military purposes, a mesh of security techniques are needed in order to contain sensitive data and prevent it from leaving the device in an unapproved manner. Data separation primarily relies on address spaces defined by the operating system and enforced by the MMU of the processor, as well as permissions applied to data stored in files. Writing a new kernel in a secured development environment, or virtualizing the kernel and device drivers to run under a hypervisor, is the most direct way to increase the strength of data separation. However, it has technical limitations, it requires a handset-specific software solution, and it requires support of the handset manufacturer to build a custom system image. Rather than try to isolate all applications from each other, our solution is to isolate just the secure applications. Applying the proposed advanced platform integrity mechanisms along with our secure data transformation for storage and transmission provides a complete solution against the adverse effects of intentional malware or accidental mishaps. BENEFIT: Applying the advanced platform integrity techniques and secure data transformation methods described in this proposal would provide the framework for data protection, integrity, isolation, and authentication for secure applications running on mobile platforms. It ties together a number of both standard and novel security techniques in an easy to use, scalable, and trustworthy manner that has yet to be seen for an enterprise security model. Whether the enterprise is commercial, government, or military, secure communication among them is made possible through disparate networks providers and complex network topologies. The software-only solution can be quickly installed and provisioned for use, remotely updated and managed, as well as remotely uninstalled and wiped clean. The key component of continuous auditing and monitoring of the platform provides the requisite integrity we need to robustly counteract today"s adversarial conditions.
Small Business Information at Submission:
Research Institution Information:
Cummings Engineering Consultants, Inc.
145 S. 79th St., Suite 26 Chandler, AZ -
Number of Employees:
University of Advancing Technology
2625 W. BASELINE RD.
Tempe, AZ 85283-5283