
Mobile devices are increasingly coming under attack from malicious applications. As more complex operating systems (OS), such as Symbian, Windows Mobile, and Linux, are used in handsets, providing security updates and identifying new vulnerabilities has become more complicated. Additionally, frequent patching and rewriting of code to keep one step ahead of hackers undermines the utility and longevity of legacy software. What developers really need is an environment that is inherently safe from attack and provides the appropriate level of security for all code running in the target device. Secure, segregated areas for critical code must be combined with secure communications in order to provide protection for mobile devices.
Minimizing the “attack surface” of the code running on the underlying hardware in privileged mode is the first step toward such a system. The shorter the code, the fewer the bugs and the smaller the target. Ideally, a real-time microkernel runs in privileged mode and provides virtualization and hypervisor functions by taking exclusive control of the processor MMU. System memory can then be sectioned into segregated, secure cells where all other software runs in user mode.