An empirical performance and security evaluation of android container solutions

Abstract

Bring Your Own Device (BYOD) security is a concern for many companies' IT departments. Many corporations implement a “secure container” solution that provides full separation of work and personal data on mobile devices to mitigate the dangers brought by BYOD. In this paper, we perform an empirical comparison between two popular secure containers for Android: Samsung Knox and IBM MaaS360. We first conduct benchmark tests to compare these two containers. Then in order to quantitatively assess the security property of these containers, we propose a measurement method based on a simulating attack. Our experimental results show that performance of compute-intensive applications in the Knox container will be affected drastically compared with when they are running on the device (outside the container), while for memory-intensive applications, performance will not deteriorate much in Knox and MaaS360 containers. We also found that with an overhead of 3.3 ms (0.58%) in mean response time, Knox container can extend the mean time to security failure (MTTSF) by 109.6 min (878%). Within the MaaS360 container, the MTTSF is prolonged by 10.2 min (81.4%) but the response time is 3.3 ms (0.58%) longer per job than without containers.