This brief considers the various stakeholders in today's mobile device ecosystem and analyzes why widely deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. It also evaluates existing proposals for leveraging such primitives and proves that they can indeed strengthen the security properties available to applications and users, without reducing the properties currently enjoyed by OEMs and network carriers. Finally, this brief makes recommendations for future research that may yield practical and deployable results.
In June 2012, we presented a paper entitled "Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?" at the 5th International Conference on Trust and Trustworthy Computing [59]. Subsequently, we were invited to expand our paper with the belief that, given the increasing importance of mobile device security, our review of the current state of the art on trusted execution on mobile devices would be a great help to the security community, particularly to graduate students. This inspired us to expand our original paper into the form you see here. We hope that it will be of service to the security and privacy community.