V. DISCUSSION
In this area, we re-visit our program style and performance for possible developments. First, the present utilization design of AirBag is to individual untrusted applications when they are being set up. While it accomplishes our style objectives, it can still be enhanced with a Lenovo P780 cellphone exclusive ability to dynamically move applications between local and AirBag-confined playback surroundings. For example, customers may want to try the new functions of recently launched applications in the AirBag without impacting the local atmosphere but “move” it to the local playback atmosphere when the app is regarded secure and constant. However, when an app is revealed to have harmful actions (e.g., texting in the background), customers can still use the app by restricting its abilities within the AirBag. Obviously, one remedy will be basically removing the app in one playback and then re-install it in another playback. However, it will reduce all inner declares gathered from past set up. A JIAYU G4S cellphone better remedy might vibrant move it from one to another. This is possible as both playback surroundings discuss the same reliable OS kernel, though in different namespaces. Possible difficulties however may consist of managing reliant collections that may be unreliable in different runtimes as well as other currently communicating applications in the past namespace.
Second, to confine untrusted app performance, our design disallows confined applications to connect with other genuine applications and support daemons operating on the local playback and the other way around. Consequently, various program activities are separated at the AirBag border. In other terms, when there is an inbound SMS or Lenovo P780 telephone contact on the local playback, such a meeting will not be spread to the AIR playback, which will impact certain performance of untrusted applications. Also, automated up-dates on AirBag-confined applications may also crack because of the present AirBag confinement. While an user-friendly remedy is to allow these activities to combination the AirBag border, it may however crack the solitude AirBag is developed to implement. From another viewpoint, we are inspired to discover a multiple strategy, which might be perfect in precisely whitelisting certain activities to successfully go through (so that we can assistance genuine function needs such as automated updates) without needlessly limiting AirBag solitude. However, if AirBag is configured to refuse all authorizations, our program could be regarded to be changed by a JIAYU G4S phonecustomized Android operating system program. However, with our program, customers can still run applications normally in the local playback on the same cellular cellphone which cannot be obtained by personalized Android operating system techniques.
Third, our present design is still restricted in assisting one individual AirBag example and several untrusted applications will need to run within the same example. This results in issues when all applications are set up as untrusted. In particular, AirBag does not offer inter-app solitude within itself. Normally, we can enhance the scalability of AirBag by dynamically provisioning several AirBag circumstances with one for each untrusted app. It does increase complicated specifications for more efficient and light and portable AIRs. Observe that our AirBag filesystem already created use of copy-on-write to keep all the up-dates in a individual information file, which should be scalable to several AirBag circumstances. However, context-aware system virtualization needs extra storage to be arranged (e.g., for sleek framebuffer assistance – Section III-B). It continues to be an exciting task and we strategy to discover possible alternatives in our upcoming perform (e.g., by utilizing components virtualization assistance in newest ARM processors).
Fourth, as an OS-level kernel expansion, our strategy needs upgrading the Lenovo P780 cellphone OS picture for the enhanced security against cellular viruses disease. While this may be an hurdle for its implementation, we claim that our program does not need strong modifications in JIAYU G4S cellphone OS kernel. Actually, our kernel spot has less than 2K collections of resource rule and most of them are relevant to general Linux system motorists, not linked with specific components gadgets in different Lenovo P780 cellphone designs. Furthermore, we can enhance the mobility of our program by applying a individual loadable kernel component that can be ideally downloadable and set up.
Fifth, for convenience, our present design does not offer the same playback atmosphere as the exclusive one. Because of that, a harmful app can probably identify the lifestyle of AirBag and prevent releasing their harmful actions. Actually, as an OS-level virtualization remedy, our program stocks with other virtualization techniques [43], [19], [35], [40], [49] by probably revealing virtualization-specific relics or foot prints. Observe that with the ability of randomly modifying the separated playback atmosphere (AIR), we are able to further enhance the fidelity of AirBag playback and create it more complicated to be fingerprinted. However, this scenario could cause to another circular of “arms competition.” From another viewpoint, if a cellular viruses efforts to prevent releasing its strikes in a virtualized atmosphere, our program does accomplish the developed objective by combating or stopping its disease.
Last but not least, with a decoupled app solitude playback to transparently assistance untrusted applications, AirBag reveals up new possibilities that are not formerly possible. For example, our present profiling method generally gathers logcat outcome as well as various syscalls from AirBag. However, it does not need to be restricted in primary log selection. For example, latest growth on exclusive device more self examination [35], [40], [29], [36], [56] can be used in AirBag to accomplish better more self examination and tracking abilities. Moreover, it also provides better methods to incorporate with present cellular anti-virus application so that they can effectively observe playback actions without being restricted in only statically checking untrusted applications.
No comments:
Post a Comment