Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms. We analyze several mobile platforms using the model. In addition, this book explains hardware-security mechanisms typically present in a mobile device. We also discuss enterprise security extensions for mobile platforms and survey recent research in the area of mobile platform security. The objective of this book is to provide a comprehensive overview of the current status of mobile platform security for students, researchers, and practitioners.

This book constitutes the refereed proceedings of the 6th International Conference on Trust and Trustworthy Computing, TRUST 2013, held in London, UK, in June 2013. There is a technical and a socio-economic track. The full papers presented, 14 and 5 respectively, were carefully reviewed from 39 in the technical track and 14 in the socio-economic track. Also included are 5 abstracts describing ongoing research. On the technical track the papers deal with issues such as key management, hypervisor usage, information flow analysis, trust in network measurement, random number generators, case studies that evaluate trust-based methods in practice, simulation environments for trusted platform modules, trust in applications running on mobile devices, trust across platform. Papers on the socio-economic track investigated, how trust is managed and perceived in online environments, and how the disclosure of personal data is perceived; and some papers probed trust issues across generations of users and for groups with special needs.

Personal mobile devices like smartphones and tablets are ubiquitous. People use mobile devices for fun, for work, and for organizing and managing their lives, including their finances. This has become possible because over the past two decades, mobile phones evolved from closed platforms intended for voice calls and messaging to open platforms whose functionality can be extended in myriad ways by third party developers. Such wide-ranging scope of use also means widely different security and privacy requirements for those uses. As mobile platforms gradually opened, platform security mechanisms were incorporated into their architectures so that the security and privacy requirements of all stakeholders could be met. The time is therefore right to take a new look at mobile platform security, which is the intent of this monograph.The monograph is divided into four parts: firstly, the authors look at the how and why of mobile platform security, and this is followed by a discussion on vulnerabilities and attacks. The monograph concludes by looking forward and discussing emerging research that explores ways of dealing with hardware compromise, and building blocks for the next generation of hardware platform security. The authors have intended to provide a broad overview of the current state of practice and a glimpse of possible research directions that can be of use to practitioners, decision makers, and researchers. The focus of this monograph is on hardware platform security in mobile devices. Other forms of Security, such as OS Security, are briefly covered, but from the perspective of motivating hardware platform security. Also, specific high-level attacks such as jail-breaking or rooting are not covered, though the basic attacks described in Part III can, and often are, used as stepping stones for these high-level attacks.