As mobile phones have evolved into 'smartphones', with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). We introduce a new design for mitigating malware attacks against smartphone users, based on a small trusted computing base module, denoted uTCB. The uTCB manages sensitive data and sensors, and provides core services to applications, independently of the operating system. The user invokes uTCB using a simple secure attention key, which is pressed in order to validate physical possession of the device and authorize a sensitive action; this protects private information even if the device is infected with malware. We present a proof-of-concept implementation of uTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones, and evaluate our implementation using simulations.