Modern mobile devices are able to run a wide range of thirdparty/service provider applications that provide users with a variety of attractive services. These applications have their own databases on the mobile device; user data pertaining to the application are stored there. The popularity comes with a price: attackers are interested in exploiting the weaknesses of the mobile systems to manipulate personal information of users via malicious code or malware. Another problem is that mobile devices are often stolen or misplaced and stored data, which users value more than the hardware, compromised. We propose a consolidated logging scheme that reflects all transactions performed on all databases of mobile applications. Only a part of this logis stored on the mobile device, thus addressing the conflict between space limitation in these devices and the space requirement of logging; yet, it is tamper-resistant and enables restoration of data through logging. We formalize our claims and explain how our scheme addresses some important problems created by malware and theft.
展开▼
