This brief considers the various stakeholders in today's mobile device ecosystem, and analyzes why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. Existing proposals are also evaluated for leveraging such primitives, and proves that they can indeed strengthen the security properties available to applications and users, without reducing the properties currently enjoyed by OEMs and network carriers. Finally, this brief makes recommendations for future research that may yield practical and deployable results.
Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms. We analyze several mobile platforms using the model. In addition, this book explains hardware-security mechanisms typically present in a mobile device. We also discuss enterprise security extensions for mobile platforms and survey recent research in the area of mobile platform security. The objective of this book is to provide a comprehensive overview of the current status of mobile platform security for students, researchers, and practitioners. Table of Contents: Preface / Introduction / Platform Security Model / Mobile Platforms / Platform Comparison / Mobile Hardware Security / Enterprise Security Extensions / Platform Security Research / Conclusions / Bibliography / Authors' Biographies
"This book is a must have resource guide for anyone who wants to ... implement TXT within their environments. I wish we had this guide when our engineering teams were implementing TXT on our solution platforms!” John McAuley,EMC Corporation "This book details innovative technology that provides significant benefit to both the cloud consumer and the cloud provider when working to meet the ever increasing requirements of trust and control in the cloud.” Alex Rodriguez, Expedient Data Centers "This book is an invaluable reference for understanding enhanced server security, and how to deploy and leverage computing environment trust to reduce supply chain risk.” Pete Nicoletti. Virtustream Inc. Intel® Trusted Execution Technology (Intel TXT) is a new security technology that started appearing on Intel server platforms in 2010. This book explains Intel Trusted Execution Technology for Servers, its purpose, application, advantages, and limitations. This book guides the server administrator / datacenter manager in enabling the technology as well as establishing a launch control policy that he can use to customize the server’s boot process to fit the datacenter’s requirements. This book explains how the OS (typically a Virtual Machine Monitor or Hypervisor) and supporting software can build on the secure facilities afforded by Intel TXT to provide additional security features and functions. It provides examples how the datacenter can create and use trusted pools. With a foreword from Albert Caballero, the CTO at Trapezoid.
This book constitutes the refereed proceedings of the 5th International Conference on Trust and Trustworthy Computing, TRUST 2012, held in Vienna, Austria, in June 2012. The 19 revised full papers presented were carefully reviewed and selected from 48 submissions. The papers are organized in two tracks: a technical track with topics ranging from trusted computing and mobile devices to applied cryptography and physically unclonable functions, and a socio-economic track focusing on the emerging field of usable security.
The objective of this edited book is to gather best practices in the development and management of mobile apps projects. Mobile Apps Engineering aims to provide software engineering lecturers, students and researchers of mobile computing a starting point for developing successful mobile apps. To achieve these objectives, the book’s contributors emphasize the essential concepts of the field, such as apps design, testing and security, with the intention of offering a compact, self-contained book which shall stimulate further research interest in the topic. The editors hope and believe that their efforts in bringing this book together can make mobile apps engineering an independent discipline inspired by traditional software engineering, but taking into account the new challenges posed by mobile computing.
The book summarizes key concepts and theories in trusted computing, e.g., TPM, TCM, mobile modules, chain of trust, trusted software stack etc, and discusses the configuration of trusted platforms and network connections. It also emphasizes the application of such technologies in practice, extending readers from computer science and information science researchers to industrial engineers.
This book constitutes the refereed proceedings of the 11th International Conference on Digital Forensics and Cyber Crime, ICDF2C 2020, held in Boston, MA, in October 2020. Due to COVID-19 pandemic the conference was held virtually. The 11 reviewed full papers and 4 short papers were selected from 35 submissions and are grouped in topical sections on digital forensics; cyber-physical system Forensics; event reconstruction in digital forensics; emerging topics in forensics; cybersecurity and digital forensics.
This book constitutes the refereed proceedings of the 8th International Conference on Trust and Trustworthy Computing, TRUST 2015, held in Heraklion, Crete, Greece, in August 2015. The 15 full papers and 3 short papers presented in this volume were carefully reviewed and selected from 42 submissions. They were organized in topical sections named: hardware-enhanced trusted execution; trust and users; trusted systems and services; trust and privacy; and building blocks for trust. There are 7 two-page abstracts of poster papers included in the back matter of the volume.
Investigate, analyze, and report iOS, Android, and Windows devices Key Features Get hands-on experience in performing simple to complex mobile forensics techniques. Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums. A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats. Book Description Covering up-to-date mobile platforms, this book will focuses on teaching you the most recent techniques for investigating mobile devices. We delve mobile forensics techniques in iOS 9-11, Android 7-8 devices, and Windows 10. We will demonstrate the latest open source and commercial mobile forensics tools, enabling you to analyze and retrieve data effectively. You will learn how to introspect and retrieve data from the cloud, and document and prepare reports of your investigations. By the end of this book, you will have mastered the current operating systems and the relevant techniques to recover data from mobile devices by leveraging open source solutions. What you will learn Discover the new techniques in practical mobile forensics Understand the architecture and security mechanisms present in iOS and Android platforms Identify sensitive files on the iOS and Android platforms Set up a forensic environment Extract data from the iOS and Android platforms Recover data on the iOS and Android platforms Understand the forensics of Windows devices Explore various third-party application techniques and data recovery techniques Who this book is for If you are a forensics professional and are eager to widen your forensics skill set to mobile forensics then, this book is for you. Some understanding of digital forensics practices would do wonders.
