The Configuration-Assured Mobile Architecture (CAMA) project created a flexible system architecture for mobile devices to provide security in a variety of use cases.
In government, military, and industry, there is strong demand for access to mobile devices that are very similar to the best available commercial devices, and yet have strong guarantees about the behavior of the device in a particular security context. Unfortunately, commercial mobile platforms do not provide these kinds of guarantees for two primary reasons:
- The economic market drivers on mobile platforms have demanded functionality and flexibility rather than evaluation and security. Consequently, the program code for these platforms is too large, too complex, and too tightly coupled for effective security evaluation.
- A mobile platform may install many additional applications, each of which can be configured with a wide range of access to almost any aspect of the mobile device. The behavior and interaction of the full suite of available apps is impossible to constrain appropriately, or even fully predict.
To address this need, Galois has developed the Configuration-Assured Mobile Architecture (CAMA) under DoD contract.
In this effort, one or more Android software environments, each configured for its respective security and mission needs, are hosted on a virtualization platform on a single physical device. The Android environments access underlying hardware by way of a collection of trusted security components, each running in a separate virtualized environment. Some components provide multiplexed access to common devices such as the display, while others transparently encrypt and decrypt disk and network traffic. By using a component-oriented approach to security, it is possible to instantiate a CAMA system with a choice of COTS components.