Award Abstract # 1421824
TWC: Small: STRUCT: Enabling Secure and Trustworthy Compartments in Mobile Applications

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: THE RESEARCH FOUNDATION FOR THE STATE UNIVERSITY OF NEW YORK
Initial Amendment Date: August 18, 2014
Latest Amendment Date: December 18, 2014
Award Number: 1421824
Award Instrument: Standard Grant
Program Manager: Shannon Beck
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2014
End Date: November 30, 2017 (Estimated)
Total Intended Award Amount: $499,932.00
Total Awarded Amount to Date: $512,932.00
Funds Obligated to Date: FY 2014 = $226,867.00
FY 2015 = $0.00
History of Investigator:
  • Long Lu (Principal Investigator)
    l.lu@northeastern.edu
Recipient Sponsored Research Office: SUNY at Stony Brook
W5510 FRANKS MELVILLE MEMORIAL LIBRARY
STONY BROOK
NY  US  11794
(631)632-9949
Sponsor Congressional District: 01
Primary Place of Performance: SUNY at Stony Brook
Computer Science Department
Stony Brook
NY  US  11794-4400
Primary Place of Performance
Congressional District:
01
Unique Entity Identifier (UEI): M746VC6XMNH9
Parent UEI: M746VC6XMNH9
NSF Program(s): Special Projects - CNS,
Secure &Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 9178, 9251, 7923, 7434
Program Element Code(s): 171400, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Society's dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are emerging quickly as complex entities with conflicting interests are commonly included inside a single app to allow for rich features and fast development.

This project, known as STRUCT, systematically investigates app compartmentalization as a novel and general approach to mitigating the critical yet unaddressed internal threats of apps. It applies this approach to major mobile platforms via solving four challenging and interesting research problems: (1) Deriving principles and models for designing intra-app security mechanisms; (2) Building compiler toolchains for automatically and securely compartmentalizing apps; (3) Building system-level enforcement mechanisms for open platforms; (4) Building app-level system-agnostic enforcement mechanisms for closed platforms. Solutions to these challenges together form a foundation to the design and implementation of intra-app security isolation and policy enforcement, which is currently nonexistent but in high demand.

STRUCT has its broader impact in fostering a new direction in mobile security research and education as well as increasing society's adoption of mobile technology in security-sensitive scenarios.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Yue Chen, Zhi Wang, David Whalley, Long Lu "Remix: On-demand Live Randomization" The 6th ACM Conference on Data and Application Security and Privacy (CODASPY '16) , 2016
Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu "Shreds: Fine-grained Execution Units with Private Memory" The 37th IEEE Symposium on Security and Privacy (S&P/Oakland'16) , 2016
Yaohui Chen, Dongli Zhang, Ruowen Wang, Ahmed Azab, Long Lu, Hayawardh Vijayakumar, Wenbo Shen "Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64" Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P/Oakland'17) , 2017
Suwen Zhu, Long Lu, Kapil Singh "CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices" The 14th International Conference on Mobile Systems, Applications, and Services (MobiSys '16) , 2015
Drew Davidson, Yaohui Chen, Franklin George, Long Lu, Somesh Jha "Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems" Proceedings of the 12th ACM on Asia Conference on Computer and Communications Security (AsiaCCS'17). , 2017

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page