Today's mobile OSes, such as Android, mismanage sensitive data in a variety of ways, placing it at great risk in face of physical or software attacks. For example, OSes accumulate significant amounts of sensitive data in cleartext memory; file systems retain deleted files by not purging their contents; and applications cache sensitive data indefinitely in memory for performance or convenience. CleanOS is a new mobile operating system designed to manage sensitive data rigorously and maintain a clean environment at any point in time. CleanOS introduces a new abstraction, called a sensitive data object (SDO), which tracks sensitive data in RAM and on disk and automatically encrypts it if it's not used for a period of time.
Related Publications
CleanOS: Limiting Mobile Data Exposure with Idle Eviction
Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI'12), October 2012
Keypad: An Auditing File System for Theft-prone Devices
Proceedings of the European Conference on Computer Systems ({EuroSys}), April 2011