A Secure Storage System for Sensitive Data Protection Based on Mobile Virtualization

Abstract

Recently, the development of smart phones has been reported the number of security vulnerabilities. Although these smart phones have a concept of Sandbox for the security, sensitive personal information has been still exposed by internal data exchange or root privilege acquisition. In this paper, we propose a system framework for secure storage of sensitive data in smartphone. The system is divided into general domain (GD) and secure domain (SD) in mobile device utilizing domain separation technique of virtualization, and SD provides a secure execution environment to protect sensitive data and secure services. In addition, our system introduces the secure functions such as authentication/access control, and encryption/key management and secures filesystem to be run in SD and addresses a detailed secure filesystem as a key function for secure storage. Lastly, the experiments are conducted to measure the performance overhead imposed by security features in SD and by overall system with interdomain communication from GD to SD. These experiment results show suitability of our system and suggest applicability of various secure functions which can be applied in our secure storage system.