An Android Operating System Protection Based On ARM Hardware Virtualization And TrustZone Technology

With the rapid growth of smart phones and the population of commercial applications, security threats have spread from the traditional areas to the mobiles. Android as a major mobile operating systems become the main target of attack recently. Due to the openness of the Android system and its security flaws, user privacy data has leaked by malicious applications, as well as economic benefits to the user has been a great deal of threat. Currently, researchers from different perspective prevented malicious application attacks, and achieved good results. But with the Android kernel-level attack beginning, these attacks have greater security threat than Android malicious application. Traditional application protection method can’t effectively prevent kernel attacks. This work focuses on the Android kernel security and sensitive data protection.Using the advanced technologies of ARM processor include virtualization hardware supported and security extension of TrustZone, This thesis designs and implements a synthesis solution to protect sensitive data and Android kernel. The major work involved includes:A. Using ARM virtualization hardware supported, develop a lightweight hypervisor monitor to protect Android kernel from malwares. At the same time, implement a rootkit detecting method based on hypervisor which can detect the threat when the system miss the protection;B. Design and implement a specified micro-operating system which provides various security services and can be used to deal with accession of sensitive data;C. Based the specified secure domain operation system, extend the existing the APP framework of Android system, so that the applications can visit sensitive data and avoids the wiretapping and leakage of the data.The experiment result shows that this solution can effectively prevent the falsification of key objects within the kernel so as to protect the integrity of the system. Meanwhile, it can immediately detect rootkit threat of the kernel.Making use of TrustZone technology, it can protect the sensitive data; combining dual-system scheduler, it shortens the response time, expands existing application framework and ensure that application can visit sensitive data in a secure way.