DOI: 10.1145/2741948.2741977
research-article

TinMan: eliminating confidential mobile data exposure with security oriented offloading

Published: 17 April 2015

Abstract

The wide adoption of smart devices has stimulated a fast shift of security-critical data from desktop to mobile devices. However, recurrent device theft and loss expose mobile devices to various security threats and even physical attacks. This paper presents TinMan, a system that protects confidential data such as web site passwords and credit card numbers (we use the term cor, short for Confidential Record, to represent these data) from being leaked or abused even under device theft. TinMan separates accesses to cor from the rest of an app's functionality by introducing a trusted node to store cor and offloading any code that accesses cor from the mobile device to the trusted node. This completely eliminates the exposure of cor on mobile devices. The key challenges for TinMan include deciding when and how to offload execution efficiently and transparently. TinMan addresses these challenges with security-oriented offloading: a low-overhead tainting scheme called asymmetric tainting tracks accesses to cor to trigger offloading, and transparent SSL session injection and TCP payload replacement offload the accesses to cor. We have implemented a prototype of TinMan based on Android and demonstrated how TinMan protects a user's bank account information and credit card number without modifying the apps. Evaluation results also show that TinMan incurs only a small amount of performance and power overhead.

Supplementary Material

MP4 File (a27-sidebyside.mp4)



Published In

EuroSys '15: Proceedings of the Tenth European Conference on Computer Systems
April 2015
503 pages
ISBN: 9781450332385
DOI: 10.1145/2741948
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Conference

EuroSys '15: Tenth EuroSys Conference 2015
April 21 - 24, 2015
Bordeaux, France

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Cited By

  • (2022) vTrust: Remotely Executing Mobile Apps Transparently With Local Untrusted OS. IEEE Transactions on Computers, pp. 1-1. DOI: 10.1109/TC.2022.3152074. Online publication date: 2022.
  • (2020) Two-Factor Mutual Authentication Offloading for Mobile Cloud Computing. IEEE Access 8, pp. 28956-28969. DOI: 10.1109/ACCESS.2020.2971024. Online publication date: 2020.
  • (2019) Protecting mobile devices from physical memory attacks with targeted encryption. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 34-44. DOI: 10.1145/3317549.3319721. Online publication date: 15-May-2019.
  • (2018) DeepType. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2:4, pp. 1-26. DOI: 10.1145/3287075. Online publication date: 27-Dec-2018.
  • (2018) TruZ-Droid. Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services, pp. 14-27. DOI: 10.1145/3210240.3210338. Online publication date: 10-Jun-2018.
  • (2018) SplitPass: A Mutually Distrusting Two-Party Password Manager. Journal of Computer Science and Technology 33:1, pp. 98-115. DOI: 10.1007/s11390-018-1810-y. Online publication date: 26-Jan-2018.
  • (2017) Rethink Phone-Wearable Collaboration From the Networking Perspective. Proceedings of the 2017 Workshop on Wearable Systems and Applications, pp. 47-52. DOI: 10.1145/3089351.3089356. Online publication date: 19-Jun-2017.
  • (2017) Security and privacy challenges in mobile cloud computing. Journal of Network and Computer Applications 84:C, pp. 38-54. DOI: 10.1016/j.jnca.2017.02.001. Online publication date: 15-Apr-2017.
  • (2017) Offline Mode for Corporate Mobile Client Security Architecture. Mobile Networks and Applications 22:4, pp. 743-759. DOI: 10.1007/s11036-017-0839-4. Online publication date: 1-Aug-2017.
  • (2016) Tutamen. Proceedings of the Seventh ACM Symposium on Cloud Computing, pp. 251-264. DOI: 10.1145/2987550.2987581. Online publication date: 5-Oct-2016.
