Securing Smartphones: A μtCB Approach

Yossi Gilad*, Amir Herzberg, Ari Trachtenberg

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted μTCB. The μTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes μTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of μTCB based on ARM's TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.

Original languageAmerican English
Article number6926719
Pages (from-to)72-79
Number of pages8
JournalIEEE Pervasive Computing
Issue number4
StatePublished - 1 Oct 2014
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2014 IEEE.


  • mobile
  • pervasive computing
  • security
  • security kernels; invasive software; smartphones; trusted physical interfaces


Dive into the research topics of 'Securing Smartphones: A μtCB Approach'. Together they form a unique fingerprint.

Cite this