This technical report presents a practical security architecture for Linux-based mobile platforms. The main development goals have been usability and the right balance between flexibility and size, as the result should be suitable for constrained mobile devices. We want to enforce the principle of least privilege for all programs, and fulfill this goal by applying mandatory access control (MAC) mechanisms for the system. We examine existing access control (AC) mechanisms, and conclude that they are either too complex for mobile devices or not flexible enough to provide a good level of management. Our architecture provides a clear security model for programmers and the flexibility for controlling the behavior of both trusted (system) programs as well as invalidated and potentially malicious programs. It also provides integrity control for programs and libraries. We present some performance figures for motivating the applicability of our architecture to contemporary PDAs and handsets. The original version in Russian of this technical report was presented and accepted as Elena Reshetova’s Ms. Thesis in the Saint-Petersburg University of Aerospace Instrumentation.
