Trustworthy Execution on Mobile Devices: What security properties can my mobile platform give me? (CMU-CyLab-11-023)

We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. We systematize existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by OEMs and network carriers. We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results.