Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors

Abstract

A problem faced by security sensitive mobile applications is assurance of correct execution on a commercial device. Prior approaches typically address this problem by assuming a trusted operating system (OS) as part of their trusted computing base (TCB). However, the vast amount of privileged code running in a typical mobile OS makes the presence of system vulnerabilities inevitable. As an alternative, we recommend the use of a bare metal hypervisor, which typically consists of orders of magnitude fewer lines of code than a full OS. This makes formal verification practical. Thus bare metal hypervisors are much more suitable for the basis of a TCB. We shall present a bare metal hypervisor-based architecture that enables trusted apps on mobile devices to be protected despite: OS compromise, malicious applications, and the inability of the end user to distinguish between trusted and untrusted apps.