John Markey wrote:
> in truth
> there is no security without hw enforcement (like wintel), so it becomes
> when does Android have security and can be trusted with valuable info
> if we agree cloakware-like is not going to be strong enough... and the
> open model is too risky
Not to start a religious war on this list, but hardware security is far
from a panacea. I'm not saying you suggested that, but comments such as
"there is no security without hw enforcement" should be taken with a
grain of salt. There is no such thing as perfect security; even hardware
has been known to be vulnerable. Defense in depth is often the best we
can do. Hardware security can be valuable, but for many threat models it
isn't required. Plus, it's rarely sufficient on its own.
> at present to make apps run and have people have fun with new apps, with
> a veil of trust, hope you can trust the source of the app
Does hardware security really help this? Current mechanisms, e.g., the
TPM, can only measure binary code representations. There is a difference
between something being "trusted" and "trustworthy". TPMs only let you
know you are running the same binary you expected to be running. You
still have to "trust the source of the app."
> let's protect:
> personal info (killer App #1 for security)
> financial info, no one will put banking info on Android if they have
> $$$, or will do special bank account with no money < 1k$, other...
You need to be very careful when designing a hardware security-based
architecture to protect these. In my mind, the better approach is to
protect personal and financial information with OS and application level
policies and mechanisms. Then, hardware security solutions such as TPMs
can be included as an additional layer of defense to ensure the OS and
policies have integrity. Just saying "this is the kernel and set of
applications we trust" is not enough if the kernel and set of
applications does not provide sufficient protection.
> Corp IP (email, ... worth much more), if an IP company (like ....
> can't allow an Android phone mobile device if no real security, hw enforced
> is there a process to address this in Android, otherwise it is fun but
> not...
Under that logic, so are other phone operating systems. Last time I
looked, Blackberry doesn't do any hardware security enforcement, so I
guess that means (according to your logic) it shouldn't be used by IP
companies.
That said, I hope academia and industry continue to investigate
techniques of applying hardware security to mobile phones. I encourage
you to submit architectural designs for peer review at academic venues.
Regards,
-Will
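The "trusted vs. trustworthy" point about TPM measurement, as an added illustration that is not part of the original thread: a simulated PCR extend chain over constructed placeholder "binaries" (no real firmware or TPM is involved). It shows that attestation only answers "did the exact expected images run, in the expected order", and says nothing about whether those images are any good.

```python
import hashlib

# Constructed sample boot chain: the images that measured boot is expected
# to hash, in order. These are placeholder byte strings, not real code.
BOOT_CHAIN_EXPECTED = [
    b"bootloader v1 (constructed)",
    b"kernel v1 (constructed)",
    b"banking app v1 (constructed)",
]

PCR_RESET = bytes(32)  # a PCR starts as all zeros at platform reset


def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(image)).

    Extend is one-way and order-sensitive, so the final PCR value commits
    to the whole sequence of measured images, not just the last one.
    """
    image_hash = hashlib.sha256(image).digest()
    return hashlib.sha256(pcr + image_hash).digest()


def measure_chain(images) -> bytes:
    """Replay measured boot over a list of images and return the final PCR."""
    pcr = PCR_RESET
    for image in images:
        pcr = pcr_extend(pcr, image)
    return pcr


# The "golden" value a verifier would compare against during attestation.
GOLDEN_PCR = measure_chain(BOOT_CHAIN_EXPECTED)


def attest(images) -> bool:
    """True only if exactly the expected images ran, in the expected order.

    Note what this does NOT check: whether "banking app v1" actually
    protects financial data. If the expected app is flawed, attestation
    still passes, which is the trusted/trustworthy gap from the thread.
    """
    return measure_chain(images) == GOLDEN_PCR
```

Swapping in a different kernel, or booting the same images in a different order, changes the final PCR and fails the check; shipping a buggy app that matches the golden measurement does not.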