Personal mobile devices like smartphones and tablets are ubiquitous. People use mobile devices for fun, for work, and for organizing and managing their lives, including their finances. This has become possible because over the past two decades, mobile phones evolved from closed platforms intended for voice calls and messaging to open platforms whose functionality can be extended in myriad ways by third party developers. Such wide-ranging scope of use also means widely different security and privacy requirements for those uses. As mobile platforms gradually opened, platform security mechanisms were incorporated into their architectures so that the security and privacy requirements of all stakeholders could be met. The time is therefore right to take a new look at mobile platform security, which is the intent of this monograph. The monograph is divided into four parts: firstly, the authors look at the how and why of mobile platform security, and this is followed by a discussion on vulnerabilities and attacks. The monograph concludes by looking forward and discussing emerging research that explores ways of dealing with hardware compromise, and building blocks for the next generation of hardware platform security. The authors have intended to provide a broad overview of the current state of practice and a glimpse of possible research directions that can be of use to practitioners, decision makers, and researchers. The focus of this monograph is on hardware platform security in mobile devices. Other forms of Security, such as OS Security, are briefly covered, but from the perspective of motivating hardware platform security. Also, specific high-level attacks such as jail-breaking or rooting are not covered, though the basic attacks described in Part III can, and often are, used as stepping stones for these high-level attacks.

Spécifications