
| Field | Value |
| --- | --- |
| NSF Org: | CNS Division Of Computer and Network Systems |
| Recipient: | |
| Initial Amendment Date: | January 29, 2013 |
| Latest Amendment Date: | February 2, 2017 |
| Award Number: | 1253346 |
| Award Instrument: | Continuing Grant |
| Program Manager: | Nina Amla, namla@nsf.gov, (703) 292-7991, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | February 1, 2013 |
| End Date: | January 31, 2019 (Estimated) |
| Total Intended Award Amount: | $400,000.00 |
| Total Awarded Amount to Date: | $400,000.00 |
| Funds Obligated to Date: | FY 2014 = $77,379.00; FY 2015 = $80,124.00; FY 2016 = $83,032.00; FY 2017 = $84,682.00 |
| History of Investigator: | |
| Recipient Sponsored Research Office: | 2601 WOLF VILLAGE WAY, RALEIGH, NC, US 27695-0001, (919) 515-2444 |
| Sponsor Congressional District: | |
| Primary Place of Performance: | 890 Oval Dr., Raleigh, NC, US 27695-8206 |
| Primary Place of Performance Congressional District: | |
| Unique Entity Identifier (UEI): | |
| Parent UEI: | |
| NSF Program(s): | Secure & Trustworthy Cyberspace |
| Primary Program Source: | 01001314DB NSF RESEARCH & RELATED ACTIVIT; 01001415DB NSF RESEARCH & RELATED ACTIVIT; 01001516DB NSF RESEARCH & RELATED ACTIVIT; 01001718DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): | |
| Program Element Code(s): | |
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
The security architecture of consumer operating systems is currently undergoing a fundamental change. In platforms such as Android, iOS, and Windows 8, each application is a separate security principal that can own data. While this distinction is a vast improvement over traditional user-focused security architectures, sharing data between applications results in an unexpected loss of control of that data, potentially exposing security- and privacy-sensitive information. This research improves the security of these modern consumer operating systems by providing a holistic view of data protection. In particular, this work proposes a new operating system abstraction for transparently tracking and controlling access to all data, allowing policy to determine whether a reader is given the true value, a fake or modified value, or no value at all. To accomplish this goal efficiently and practically, this work combines several existing and new techniques to track and control access to data. The new abstraction provided by this work not only solves a significant problem affecting modern consumer operating systems by enabling applications to retain pervasive control over their data, but also, more broadly, provides a new abstraction on which a variety of new security solutions can be built.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Intellectual Merit: The focus of this award was to study the fundamental changes to access control that have emerged in modern computing platforms such as Android and iOS, and to identify new opportunities to enhance data protections for end users.
The past decade witnessed a fundamental change in how operating systems define access control to protect end users from malicious and undesired behavior by software. When Android and iOS emerged in the late '00s, they rescoped the most basic access control entity (called a security principal) from capturing all actions of a user to capturing only the actions of an individual application. This change followed the advice of decades of research proposals and was viewed as a significant step forward for the security of commodity operating systems. However, the incorporation of this concept into a commodity platform used by millions of users subsequently unearthed an unforeseen challenge: how should the OS control sharing of data between a user's applications?
Our research conceptualized this challenge as the data intermediary problem, which captures the notion that whenever the user shares data from one application to another and to yet another, each receiving application must be completely trusted. This is not always desirable. For example, the user may wish for an application to only view a document and not send it off the device. As a solution, we turned to the classic concept of information flow control (IFC), and its recent variant, decentralized information flow control (DIFC). While IFC provides valuable flow-based access control semantics (e.g., control not just who can access data, but what can be done with the data once it is accessed), it has practical limitations that prevent its incorporation into commodity systems. Our research studied DIFC in the context of the Android platform. We proposed a novel DIFC policy logic tailored towards Android's runtime user interface workflow between application components. We further identified how Android's runtime itself is particularly amenable to DIFC due to the way in which application logic is naturally partitioned. To make DIFC practical in Android, we proposed a novel label propagation model called lazy polyinstantiation, which spawns new instances of application components based on the runtime requirements.
While studying the access control designs of Android and iOS, we also built several tools to help validate the correctness of their access control policies and the enforcement of those policies. Our tools for Android studied both the underlying SEAndroid policy (which is based on SELinux, but re-written for Android), as well as the hard-coded checks within Android's core services. Our tools for iOS reverse engineered and formally modeled sandbox policies on iOS. These efforts identified many vulnerabilities that were reported to Google and Apple and have been fixed in subsequent releases of Android and iOS.
Broader Impact: The security of Android and iOS impacts billions of users worldwide. We have identified and reported many access control vulnerabilities in these platforms, which have been fixed in subsequent OS releases. PI Enck regularly interacted with the Raleigh Chapter of the Information Systems Security Association (ISSA), whose attendees typically include both security professionals and students attending technical schools such as Wake Technical Community College. These interactions included teaching multiple "Back-to-Basics" sessions on Android application programming and application security.
The work has also led to a number of open source tools and proposed enhancements to the Android platform. It has had a positive impact on graduate students at North Carolina State University, contributing to the research of five PhD students advised or co-advised by PI Enck. The advancements in mobile platforms and OS access control were also directly incorporated into both undergraduate and graduate courses.
Last Modified: 04/25/2019
Modified by: William H Enck
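The outcomes report above describes the data intermediary problem, DIFC's flow-based semantics, and lazy polyinstantiation only in prose. The following toy model is an added illustration of those three ideas; it is not code from the project, from its Android prototype, or from its tools, and it makes several simplifying assumptions that are labelled in the comments: labels are plain sets of secrecy tags, a tag's owner is encoded in the tag name as `owner:tag`, flow is allowed only when the source label is a subset of the destination label, and only the owner of a tag may declassify it. The function and class names (`Runtime`, `deliver`, `can_export`, `declassify`, `scenario`) are invented for the example.

```python
"""Toy DIFC model with lazy polyinstantiation (added illustration, not project code).

Assumptions (not from the report):
  * a label is a frozenset of secrecy tags written "owner:tag"
  * data may flow from label S to label D only if S is a subset of D
  * the network sink carries the empty label, so only unlabelled contexts may export
  * only the owner of a tag may remove (declassify) it
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List

Label = FrozenSet[str]


def owner_of(tag: str) -> str:
    """Owner is the part of the tag before the first colon (assumed naming scheme)."""
    return tag.split(":", 1)[0]


@dataclass(frozen=True)
class Data:
    value: str
    label: Label


@dataclass
class Instance:
    component: str                   # e.g. "viewer" or "mailer"
    label: Label                     # secrecy label of this running instance
    received: List[Data] = field(default_factory=list)


def can_flow(src: Label, dst: Label) -> bool:
    """Secrecy rule: data may only flow to a context at least as restricted."""
    return src <= dst


class Runtime:
    """Minimal stand-in for the component runtime that mediates every hand-off."""

    def __init__(self) -> None:
        self.instances: List[Instance] = []

    def launch(self, component: str) -> Instance:
        inst = Instance(component, frozenset())
        self.instances.append(inst)
        return inst

    def deliver(self, component: str, data: Data) -> Instance:
        # Reuse an existing instance whose label already dominates the data's label.
        for inst in self.instances:
            if inst.component == component and can_flow(data.label, inst.label):
                inst.received.append(data)
                return inst
        # Lazy polyinstantiation: instead of raising the label of a running instance
        # (which would taint everything it already holds) or denying the hand-off,
        # spawn a fresh instance that starts at the data's label.
        inst = Instance(component, data.label)
        inst.received.append(data)
        self.instances.append(inst)
        return inst

    def can_export(self, inst: Instance, sink_label: Label = frozenset()) -> bool:
        """Sending off-device means flowing into the (unlabelled) network sink."""
        return can_flow(inst.label, sink_label)

    def declassify(self, inst: Instance, tag: str, caller: str) -> bool:
        """DIFC: the owner of a tag, and nobody else, may strip it from a label."""
        if tag not in inst.label or owner_of(tag) != caller:
            return False
        inst.label = inst.label - {tag}
        return True


def scenario() -> dict:
    """Data intermediary walk-through: docs app -> viewer -> mailer -> network."""
    rt = Runtime()
    public_viewer = rt.launch("viewer")          # an unlabelled viewer is already running
    secret = frozenset({"docs:confidential"})    # constructed sample tag
    viewer = rt.deliver("viewer", Data("quarterly plan", secret))   # spawns a labelled viewer
    rt.deliver("viewer", Data("budget", secret))                    # same label: instance reused
    # The viewer forwards the document; the label travels with it.
    mailer = rt.deliver("mailer", Data(viewer.received[0].value, viewer.label))
    result = {
        "viewer_instances": sum(1 for i in rt.instances if i.component == "viewer"),
        "public_viewer_untouched": public_viewer.label == frozenset() and not public_viewer.received,
        "labelled_viewer_items": len(viewer.received),
        "mailer_can_send": rt.can_export(mailer),
        "declassify_by_mailer": rt.declassify(mailer, "docs:confidential", "mailer"),
        "declassify_by_owner": rt.declassify(mailer, "docs:confidential", "docs"),
    }
    result["mailer_can_send_after"] = rt.can_export(mailer)
    return result


if __name__ == "__main__":
    for key, val in scenario().items():
        print(f"{key}: {val}")
```

The point the model makes is the one the report draws: the mailer cannot send the document off the device merely because the user handed it over, the untainted viewer instance keeps running unaffected, and only the application that owns the tag can release the data.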