상세정보
학술지
SecureDom: Secure Mobile-sensitive Information Protection with Domain Separation
- 발행일
- 201607
- 출처
- Journal of Supercomputing, v.72 no.7, pp.2682-2702
- ISSN
- 0920-8542
- 출판사
- Springer
- 협약과제
- 16MH3100, 모바일 단말의 비인가 접근 차단 및 안전한 운영환경 보장을 위한 EAL 4급 군사용 융합 보안 솔루션 개발, 김정녀
- 초록
- The virtualization techniques are receiving more attention lately in mobile device security. In this study, we present SecureDom which is the device security of data-centric that aims to protect private, enterprise or sensitive data from various attacks and threats. To achieve it, we provide the mobile device security platform based on domain separation and suggests three essential secure functions which should be offered for secure domain: authentication/access control (AAC) module, secure storage (STR) module and encryption/key management (EKM) module. In secure functions, the AAC module applies two-factor authentication by user and app to access SD, the STR module introduces the enhanced abilities of secure filesystem and EKM module is in charge of security algorithms for data encryption, integrity validation or key generation. Here, EKM module can utilize the existing encryption module that is certified by cryptographic validation program. In the experiment, it demonstrates that some notable overheads are caused in the performance of virtualization engine and inter-domain communication (IDC) performance based on hypervisor, while it provides the strong isolation in domain, IDC, filesystem and resource and the separation of processes.
- KSP 제안 키워드
- Data-centric, Domain separation, Encryption module, Inter-domain communication, Key generation, Key management, Mobile device security, Security algorithms, Security of data, Sensitive Data, Sensitive information