Field
The present invention is related to mobile device security. More particularly, the present invention is in the technical field of distributed policy enforcement in mobile communications devices.
Description of the Related Art
Software and data related security of current devices, especially mobile devices, rely on a variety of features including virtual machines, inter-process communication, package managers, mobile device management systems, touch screen software components, shared memory, relational databases, device configuration signature checking, specialized debugging interfaces (e.g. Android Debug Bridge, and the like), trusted daemon processes, and the like. In an example, Android mobile devices use checks on inter-process communication to determine if an application should gain access to a particular system resource, such as the user's contact list. Virtual machine security checks, such as determining whether or not a specific native library should be loaded, are also employed.
A key challenge with mobile devices is that it is difficult to ensure the integrity of the very software that is relied upon to provide security (e.g. virtual machine, device I/O, inter-process communication, specialized debugging interfaces, and other components). A need exists for systems that provide security, such as by enforcing data provenance, protecting against malware and enforcing security policies via inter-process communications mechanisms.