High-Level Operating System (HLOS) system images on production mobile devices require means for protecting the integrity of the system image. The system image includes system libraries and other files used by the HLOS that, if altered or corrupted, could result in the device malfunctioning or performing unintended/unauthorized actions. HLOS system images are typically ˜5 GB on a production mobile device, and the means for protecting these images need to take into account resource constraints of the mobile device, such as memory, power, and hardware resources when implementing a protection a system image protection scheme.
Conventional solutions do not provide the level of configurability and flexibility to address the different types of content included in the system image that may need to be protected and the ability to configure an appropriate level of response when changes various types of content are identified. For example, one conventional solution offered on Android devices is “dm-verity” which provides block-based protection to all content included in the system image stored on the storage device of the mobile device. The dm-verity application builds a hash tree of all of the blocks of the system image, and checks blocks as they are accessed to determine whether they have changed by comparing their hashed content to the contents of the hast tree. An exception can be raised when a particular block of data has been changed. However, this approach is often overkill as the system image can include non-critical files, such as ringtones or other media content that, if altered, should not result in a catastrophic error. Furthermore, generating the hash tree requires significant resources. Other conventional solutions, such as Integrity Management Architecture (IMA) provide file-based protection that provides for remote attesting of file content and for local attesting of file contents by storing a hash of the file in the inode attributes of the file. But, storing this information in the inodes also requires a solution like the Linux Extended Verification Module (EVM) that validates security-sensitive extended attributes before allowing operations on files.
The conventional solutions also are limited in that they provide the same level of protection and resultant behavior from the integrity check for all types of content.