The ideal mobile operating system should have separate personal and consumer environments, so that applications in one environment cannot talk to those in the other.
Speaking at the Information Security Solutions Europe (ISSE) Conference in Brussels, Stephan Heuser, research assistant, Fraunhofer Institute SIT, said that companies want their employees to have one device that will allow access to secure email, applications and calendar, as well as have a private compartment for social networking and games that the employee wants to use.
He said: “A secure smartphone environment should deny the right to users to upload applications on corporate devices but they will find a way so it poses a security risk. We talk to a large number of companies and they ideally want an architecture that is hardware independent, supports a bring your own device (BYOD) strategy to bring a smartphone to a company, and has hardware installed and architecture that is as far as possible removed from hardware vendors.
“You also want to select software with an enterprise application market, low battery usage and high performance and that protects you against malware. You also need an architecture which is flexible to be extensible to the needs of the company or consumer who uses it. You don't want 'security by obscurity', you want context awareness of a device.”
Heuser said that after deliberating over the ideal solution, the institute's concept centred on 'goals of isolation': private and business domains, neither of which should be able to access data belonging to the other.
“You don't want illegal communication between the domains of the operating system, but defined channels that allow you to exchange information and have an operating system that protects against runtime attacks,” he said. “Finally make sure the device is not infected by malware so it does not compromise the company network it is connected to.”
He also said that some approaches use virtualisation, type two hypervisors or a kernel level isolation solution, but with the latter it was 'hard to build environments'.
For the institute's own solution, Heuser said it has worked with mandatory access control: rather than relying on standard access control, you apply your own policies and label apps as belonging to one domain or another. “You can tag anything and deny/allow access when data moves from one domain and filter out what is moving from domain to domain. Rely on the security extensions of the Linux kernel underneath,” he said.
“The nice thing about this architecture is it is easy for us to determine information flows and privacy, but not the other way around.”
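To make the label-based isolation described above concrete, here is an added illustration in Python; it is not code from Fraunhofer SIT or from the talk, and it does not use SELinux itself. It assumes two hypothetical domains (business and private), hypothetical app and data kinds, and a small reference monitor that tags data with the domain of the app that created it, denies every cross-domain access by default, and lets data cross only through an explicitly defined channel whose filter strips what must not leave the domain.

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical isolation domains (assumption, not the institute's identifiers).
BUSINESS = "business"
PRIVATE = "private"


@dataclass(frozen=True)
class Label:
    """Security label attached to every app (subject) and every piece of data (object)."""
    domain: str  # isolation domain: BUSINESS or PRIVATE
    kind: str    # finer-grained type, e.g. "calendar_app", "calendar_data"


@dataclass
class Channel:
    """An explicitly defined cross-domain channel; the transform filters what crosses."""
    src_kind: str
    dst_kind: str
    op: str
    transform: Callable[[dict], dict] = field(default=lambda d: dict(d))


class ReferenceMonitor:
    """Mediates every access: same-domain passes, cross-domain needs a defined channel."""

    def __init__(self) -> None:
        self.channels: dict[tuple[str, str, str], Channel] = {}
        self.audit: list[tuple[Label, Label, str, bool, str]] = []

    def define_channel(self, ch: Channel) -> None:
        self.channels[(ch.src_kind, ch.dst_kind, ch.op)] = ch

    def tag(self, creator: Label, kind: str) -> Label:
        """Newly created data inherits the domain of the app that produced it."""
        return Label(creator.domain, kind)

    def decide(self, subject: Label, obj: Label, op: str) -> tuple[bool, str]:
        """Policy decision only; the platform's normal permission checks still apply within a domain."""
        if subject.domain == obj.domain:
            return True, "same-domain"
        if (subject.kind, obj.kind, op) in self.channels:
            return True, "defined-channel"
        return False, "cross-domain"

    def access(self, subject: Label, obj: Label, op: str, payload: dict) -> dict:
        """Enforce the decision, record it for auditing, and filter channel traffic."""
        allowed, reason = self.decide(subject, obj, op)
        self.audit.append((subject, obj, op, allowed, reason))
        if not allowed:
            raise PermissionError(f"{subject} -> {obj} ({op}) denied: {reason}")
        if reason == "defined-channel":
            return self.channels[(subject.kind, obj.kind, op)].transform(payload)
        return dict(payload)


def free_busy_only(event: dict) -> dict:
    """Channel filter: the private side learns only that the slot is taken."""
    return {"start": event["start"], "end": event["end"], "status": "busy"}


def demo() -> dict:
    """Constructed scenario: one business meeting, three different readers."""
    rm = ReferenceMonitor()
    # The only sanctioned business->private flow: a private calendar widget may read
    # business calendar data, but only through the free/busy filter.
    rm.define_channel(Channel("calendar_widget", "calendar_data", "read", free_busy_only))

    business_cal_app = Label(BUSINESS, "calendar_app")
    meeting = rm.tag(business_cal_app, "calendar_data")  # data is tagged BUSINESS
    event = {"start": "09:00", "end": "10:00", "title": "Board meeting",
             "attendees": ["cfo@example.invalid"]}  # constructed sample data

    results = {}
    # Same domain: the business app reads its own data unchanged.
    results["business_app_reads"] = rm.access(business_cal_app, meeting, "read", event)

    # Cross domain, no channel: a private social app is denied.
    social_app = Label(PRIVATE, "social_app")
    try:
        rm.access(social_app, meeting, "read", event)
        results["social_app_reads"] = "allowed"
    except PermissionError:
        results["social_app_reads"] = "denied"

    # Cross domain through the defined channel: filtered to free/busy only.
    widget = Label(PRIVATE, "calendar_widget")
    results["widget_reads"] = rm.access(widget, meeting, "read", event)
    results["audit_entries"] = len(rm.audit)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The audit list is what makes information flows easy to determine: every decision, allowed or denied, is recorded with the labels on both sides, so a reviewer can enumerate exactly which channels carry data between the two domains.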