Demonstrating the Effectiveness of MOSES for Separation of Execution Modes


In this paper, we describe a demo of a light virtualisation solution for Android phones. We named our solution MOSES (MOde-of-uses SEcurity Separation). MOSES is a policy-based framework for enforcing software isolation of applications and data. In MOSES, it is possible to define distinct security profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. Each profile is associated with a context as well. Through the smartphones sensors, MOSES is able to detect changes in context and to dynamically switch to the security profile associated with the current context. Our current implementation of MOSES shows minimal overhead compared to standard Android in terms of latencies and battery consumption.

Proceedings of the ACM Conference on Computer and Communications Security