Dissertation/Thesis Abstract

Assurance and Control over Sensitive Data on Personal Devices
by Lentz, Matthew, Ph.D., University of Maryland, College Park, 2020, 135; 28022585
Abstract (Summary)

Personal smart devices provide users with powerful capabilities for communication, productivity, health, education, and entertainment. Applications often operate over sensitive data related to the user: collecting and processing input data from sensors (e.g., fingerprint scans, location updates), or rendering output data to the user (e.g., displaying financial information). This sensitive data is the target of many attacks, which range from malicious applications to compromises of the platform software itself, which includes the operating system (OS) and privileged services. Today, users are ultimately unable to control or reason about how their sensitive data is processed, protected, or shared.

In this dissertation, I argue the following thesis: Introducing an enforcement layer between hardware and platform software can enable end-to-end secure applications while giving users fine-grained control over their devices. I support this thesis through the design, implementation, and evaluation of two different instantiations of such an enforcement layer: SeCloak and AIO. SeCloak focuses on addressing a single point in the policy space for giving control back to users: on/off control of peripherals (e.g., camera, microphone). SeCloak runs as a platform-agnostic layer that provides the abstraction of secure, virtual switches that the user can reliably configure. AIO introduces a new "accountable path" abstraction that enables constructing and reasoning about the end-to-end I/O stack between application endpoints and underlying hardware devices. Accountable paths allow for more expressive policies to be enforced over the software stack, which can be used to derive various assurances over the data (e.g., confidentiality, provenance). Principals can reason about the state of the system through attestations provided by AIO over (parts of) these paths. The guarantees provided by these enforcement layers hold regardless of the correctness of the rest of the platform software (including the OS).

Indexing (document details)
Advisor: Bhattacharjee, Bobby
Commitee: Druschel, Peter, Levin, David, Spring, Neil, Shayman, Mark
School: University of Maryland, College Park
Department: Computer Science
School Location: United States -- Maryland
Source: DAI-A 82/4(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Computer science, Computer Engineering, Information science
Keywords: Sensitive data, Personal smart devices
Publication Number: 28022585
ISBN: 9798678176189
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy
ProQuest