Samsung ships an enterprise mobile security solution, Knox, on its Galaxy devices. Among its features, Knox Workspace splits the device into two environments: the personal space and the Knox container. The container itself is not running inside TrustZone™; it is a compartment of the normal Android world, isolated mainly with SELinux, while TrustZone hosts only authenticated trusted applications, such as the integrity-checking components on which the container relies. Samsung has published little about the actual implementation of Knox.
Uri Kanonov and Avishai Wool have lifted part of the veil by reverse engineering Knox 1.0. Their paper gives an in-depth description of several security mechanisms, such as the compartmentalization (based on SELinux) and the encrypted file system, and it discloses some vulnerabilities. The last section describes enhancements introduced in Knox 2.3 as well as some remaining issues.
An interesting element of the paper is its list of lessons learned:
- Component reuse is welcome, provided the added attack surface is properly protected.
- Protect the software code of secure components.
- Validating which applications are authorized to run in TrustZone is key to security.
- A hardware root of trust should be at the root of any secure container system.
- Avoid resource sharing; it increases the attack surface.
- Check the integrity of the secure container periodically; checking only at boot time is insufficient.
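The last two lessons (a hardware root of trust, and integrity checks that do not stop at boot) can be illustrated with a small script. The following is an added example written for this post; it is not Knox code and does not reproduce Samsung's integrity mechanism. It builds a measurement manifest (SHA-256 per file) of a simulated container directory, seals the manifest with an HMAC under a key that stands in for a device-bound key (here a hypothetical constant, `DEVICE_KEY`), and runs the same verification at "boot" and again later. The container layout, file contents and the tampering performed in `demo()` are all constructed for the illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Hypothetical stand-in for a key derived from a hardware root of trust.
# In a real design this key never leaves the secure world; here it is a
# constant so the example runs on any machine.
DEVICE_KEY = b"illustrative-device-bound-key"


def measure_tree(root: Path) -> dict[str, str]:
    """Return {relative path: SHA-256 hex digest} for every regular file under root."""
    measurements = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            measurements[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return measurements


def seal(measurements: dict[str, str], key: bytes = DEVICE_KEY) -> str:
    """HMAC over a canonical serialisation of the manifest.

    An attacker who can rewrite container files must not also be able to
    rewrite the reference manifest, so the reference is bound to the key.
    """
    canonical = "\n".join(f"{p} {h}" for p, h in sorted(measurements.items())).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(root: Path, reference: dict[str, str], reference_mac: str,
           key: bytes = DEVICE_KEY) -> list[str]:
    """Compare the live container against the sealed reference.

    Returns a list of findings; an empty list means the container matches.
    """
    if not hmac.compare_digest(seal(reference, key), reference_mac):
        return ["reference manifest has been tampered with"]
    current = measure_tree(root)
    findings = []
    for rel, digest in reference.items():
        if rel not in current:
            findings.append(f"missing: {rel}")
        elif current[rel] != digest:
            findings.append(f"modified: {rel}")
    for rel in sorted(current.keys() - reference.keys()):
        findings.append(f"added: {rel}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Boot-time check followed by a post-boot modification and a periodic re-check.

    Returns (findings at boot, findings at the next periodic check). The
    container contents below are constructed for the illustration.
    """
    with tempfile.TemporaryDirectory() as tmp:
        container = Path(tmp)
        (container / "bin").mkdir()
        (container / "bin" / "agent").write_bytes(b"original trusted agent")
        (container / "policy.conf").write_text("enforce=1\n")

        # Baseline taken at provisioning, sealed under the device key.
        reference = measure_tree(container)
        reference_mac = seal(reference)

        # Boot-time check: the container is pristine, so no findings.
        at_boot = verify(container, reference, reference_mac)

        # Tampering that happens after boot; a boot-only check never sees it.
        (container / "bin" / "agent").write_bytes(b"trojaned agent")
        (container / "bin" / "extra.so").write_bytes(b"unexpected payload")

        # Periodic check catches both the modified and the added file.
        periodic = verify(container, reference, reference_mac)
    return at_boot, periodic


if __name__ == "__main__":
    boot, later = demo()
    print("at boot:", boot or "clean")
    print("periodic:", later or "clean")
```

The point of the script is the gap between the two `verify` calls: the boot-time result is clean, the later result is not, and only the periodic check surfaces the change. Sealing the manifest matters as well; if the reference lived as a plain file in the container, an attacker with write access could simply regenerate it, which is the kind of weakness a hardware-backed key is meant to close.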
If you want to learn more about Knox, this paper is a good read.
Kanonov, Uri, and Avishai Wool. “Secure Containers in Android: The Samsung KNOX Case Study.” arXiv, May 27, 2016. http://arxiv.org/abs/1605.08567.