We are now in the post-PC era, yet our mobile devices are insecure. We consider the different stake-holders in today’s mobile device ecosystem, and analyze why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. We systematize existing proposals for leveraging such primitives, and show that they can indeed strengthen the security properties available to applications and users, all without reducing the properties currently enjoyed by OEMs and network carriers. We also highlight shortcomings of existing proposals and make recommendations for future research that may yield practical, deployable results. 1

Language English Article dissertation (summary + original articles) Traditional credential solutions have well-known drawbacks. Purely software-based credentials are vulnerable to many attacks, while hardware-based security tokens and smart cards are expensive to deploy and, due to their typical single-purpose nature, force users to carry multiple hardware credentials with them. Recently, general-purpose security elements and architectures have started to become widely available on many commodity devices. On mobile devices, ARM TrustZone is a widely adopted security architecture. Such trusted execution environments enable realization of credentials that combine the flexibility of

Abstract. TLA + is a specification language based on standard set theory and temporal logic that has constructs for hierarchical proofs. We describe how to write TLA + proofs and check them with TLAPS, the TLA + Proof System. We use Peterson’s mutual exclusion algorithm as a simple example and show how TLAPS and the Toolbox (an IDE for TLA +) help users to manage large, complex proofs. 1

This paper presents Pasture, a secure messaging and logging library that enables rich mobile experiences by providing secure offline data access. Without trusting users, applications, operating systems, or hypervisors, Pasture leverages commodity trusted hardware to provide two important safety properties: accessundeniability (a user cannot deny any offline data access obtained by his device without failing an audit) and verifiable-revocation (a user who generates a verifiable proof of revocation of unaccessed data can never access that data in the future). For practical viability, Pasture moves costly trusted hardware operations from common data access actions to uncommon recovery and checkpoint actions. We used Pasture to augment three applications with secure offline data access to provide high availability, rich functionality, and improved consistency. Our evaluation suggests that Pasture overheads are acceptable for these applications. 1