Personal smart devices provide users with powerful capabilities for communication, productivity, health, education, and entertainment. Applications often operate over sensitive data related to the user: collecting and processing input data from sensors (e.g., fingerprint scans, location updates), or rendering output data to the user (e.g., displaying financial information). This sensitive data is the target of many attacks, which range from malicious applications to compromises of the platform software itself, which includes the operating system (OS) and privileged services. Today, users are ultimately unable to control or reason about how their sensitive data is processed, protected, or shared.
In this dissertation, I argue the following thesis: Introducing an enforcement layer between hardware and platform software can enable end-to-end secure applications while giving users fine-grained control over their devices. I support this thesis through the design, implementation, and evaluation of two different instantiations of such an enforcement layer: SeCloak and AIO. SeCloak focuses on addressing a single point in the policy space for giving control back to users: on/off control of peripherals (e.g., camera, microphone). SeCloak runs as a platform-agnostic layer that provides the abstraction of secure, virtual switches that the user can reliably configure. AIO introduces a new "accountable path" abstraction that enables constructing and reasoning about the end-to-end I/O stack between application endpoints and underlying hardware devices. Accountable paths allow for more expressive policies to be enforced over the software stack, which can be used to derive various assurances over the data (e.g., confidentiality, provenance). Principals can reason about the state of the system through attestations provided by AIO over (parts of) these paths. The guarantees provided by these enforcement layers hold regardless of the correctness of the rest of the platform software (including the OS).
|Commitee:||Druschel, Peter, Levin, David, Spring, Neil, Shayman, Mark|
|School:||University of Maryland, College Park|
|School Location:||United States -- Maryland|
|Source:||DAI-A 82/4(E), Dissertation Abstracts International|
|Subjects:||Computer science, Computer Engineering, Information science|
|Keywords:||Sensitive data, Personal smart devices|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be