Mobile phone application virtualization and compartmentalization

In this work package, we will follow up on previous theoretical work on virtualization on the ARM processor platform and extend hypervisor and main operating system support towards application virtualization with low maintenance effort and a tolerable performance penalty. This requires theoretical work on operating system virtualization as well as practical integration with existing mobile phone platforms such as Android for prototyping on off-the-shelf devices. Research in this work package will focus on both the hardware and the operating system layer, integrating the two into a coherent application virtualization system.

Visualization of security zones

We studied the concept of 'security zones' as an intermediate layer of compartmentalization on mobile devices. Each of these security zones is isolated from the other zones, holds a different set of applications and associated user data, and may apply different security policies. As motivating examples for applications with different security/usability requirements, we use mobile banking, accessing sensitive company email, and mobile gaming.

From a user's point of view, interacting with such zones requires two things: users must be aware, at any time, of the zone they are interacting with (i.e. a visualization method that indicates the active zone), and they must be able to actively switch between zones (i.e. a switching mechanism). We proposed multiple such visualization and interaction mechanisms and compared them in terms of zone distinguishability, error rate, cognitive overhead, satisfaction, and time spent in the context of our motivating examples. We implemented four different visualization methods (three in software, one with additional hardware) and four different interaction methods (two different gesture-based approaches, selection via lock screen, and hardware switch) and present the results of three iterative user studies. Our results, published in the widely read Pervasive and Ubiquitous Computing journal, imply that additional hardware can provide usable zone awareness and switching, and is thus a promising candidate for further investigation. A presentation of the proposed visualization and switching mechanisms is available on YouTube.