Nikkei Electronics Asia -- February 2007
Tech Features
Aplix Virtualizing Technology Boosts Mobile Phone Security

E-Mail Article
Tweet This
Digg This
Share this with friends on Facebook
Buzz Up!
Jan 26, 2007 15:53 Nikkei Electronics Asia
With mobile phones now increasingly being used to store data, mobile phone security has become a key issue. To address this, Aplix Corp of Japan has recently announced the user space virtual machine (USVM), a software execution environment which provides heightened security. USVM will initially be implemented in mobile phones, but it can also be applied to other types of equipment.
As middleware running on the operating system (OS), USVM serves to control access to hardware and other system resources, depending on the type of application that is running. Accessible system resources can be defined in detail, in accordance with communication carrier or handset manufacturer specifications, for example.

No Modifications Needed
Jun'ichi Monma, chief platform architect, Research & Development Div, handles USVM development at Aplix. He describes the new technology as offering "trivial implementation in existing environments." Security can also be improved by splitting processing between multiple central processing unit (CPU) cores using a multi-core microprocessor. According to Monma, "USVM can't achieve that level of security." Even so, he said, USVM doesn't require any modifications to hardware, OS or applications.
USVM analyzes the object code at application execution (see Fig). It extracts the kernel traps (where control is passed to the kernel), which are crucial in ensuring security, and uses dynamic compiling to rewrite the code to execute different processing, such as requesting authorization from the security manager. USVM needs to rewrite very little code, minimizing its impact on performance: "Only 1 to 2%, according to tests with benchmarking software," according to Monma. At present, a large number of mobile phones support ARM core object code.
It is also possible to improve security through software, such as Security-Enhanced Linux (SELinux), which has a security module added to the Linux kernel, or Symbian from Symbian Ltd of the UK. Compared to this method, said Aplix, USVM is a lot easier to maintain. When the security policy (defining, for example, which hardware can be accessed) needs to be changed, a secure OS requires changes at the kernel level, but because USVM operates in the user mode, explained Monma, "All you have to do is rewrite the policy file, which defines security rules. And that can be done via the wireless link."

Java, Native Apps
Aplix believes that USVM will also be able to manage system and other resources. When two applications need to use a sound source simultaneously, for example, USVM can resolve the problem by leaving the decision up to arbiter software.
Embedded equipment has resource restrictions that can make it difficult to provide debugging options and let users grasp operational dynamics themselves. USVM can be used to trap the system calls, however, and upload the log to a server for analysis.
It is also likely that USVM will make possible links between Java applications and native applications written in other languages. Existing mobile phones are unable to call native applications from Java, because once a native application is called it is unable to restrict access to system resources.
With USVM it will be possible to apply the same access policy to both Java applications and native applications. For example, suppose you have a native application calling a Java application, which in turn has a policy of only requiring access to the address book. It would be possible to apply the same access restrictions to the native application, and that would mean a significant improvement in ease of use.

by Takahiro Kikuchi