| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 19, 2013 |
| Latest Amendment Date: | August 19, 2013 |
| Award Number: | 1318722 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Fen Zhao
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | September 1, 2013 |
| End Date: | August 31, 2017 (Estimated) |
| Total Intended Award Amount: | $488,744.00 |
| Total Awarded Amount to Date: | $488,744.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
1109 GEDDES AVE STE 3300 ANN ARBOR MI US 48109-1015 (734)763-6438 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
2260 Hayward Street Ann Arbor MI US 48109-2121 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Loss of personal data or leakage of corporate data via apps on mobile devices poses a significant risk to users. It can have both a huge personal and financial cost. This work is designing new novel techniques to help reduce the risks for end-users who use a single device for multiple spheres of activity. Getting security right when a single device is used for multiple spheres of activity is a major research challenge, with unforeseen information flows between various subsystems that are currently difficult to control. This project is developing mechanisms to better manage flows between apps on a mobile device so that users are able to compartmentalize different spheres of activity, such as work and personal use.
Broader impact: This research benefits both end-users who are concerned about the privacy of their data on mobile devices as well as businesses who wish to permit use of mobile devices for improving efficiency of their operations but are concerned about resulting security risks. Graduate and undergraduate students are trained in the area of security and privacy of information on mobile devices.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
A major goal of the project was to design mechanisms for protecting sensitive information on mobile devices.
Intellectual Merits: The work led to the (1) development of a sandboxing mechanism for applications on Android to reduce the risks of sensitive information leakage from privilege escalation attacks;(2) development of a robust user-interface mechanism to help users detect phishing attacks from malicious apps; (3) over-privilege analysis of software stacks for the emerging domain of Internet ofThings to help assess security and privacy risks; (4) development of a mechanism called FlowFence to prevent undesirable information flows in mobile and Internet of Things applications; and (5) development of an operating systems mechanism called Heimdall to improve the quality of recommendations in mobile apps, while limiting the security and privacy risks due to use of implicitly collected information such as user's GPS data. The results were disseminated through publications at top-tier academic security venues including UsenixSecurity Symposium, IEEE Symposium on Security and Privacy, and ACMMobiSys.
Broader Impacts: Applications on sensor-rich smartphones that interface with social networks and emerging Internet of Things systems can introduce significant security and privacy risks. This research helped identify and address some of those risks. The research grant supported the research of two Ph.D. graduates in the computer security area. Both students have interacted with research labs in industry and are planning to pursue academic careers to help educate future computer science students. The results from the research have been broadly disseminated via both research publications and ourgroup's web site. The results from research on security of Internet of Things applications has attracted attention in the press, helping to increase awareness of security and privacy considerations with the use of connected devices and emerging software stacks to manage them.
Last Modified: 11/26/2017
Modified by: Atul Prakash
Please report errors in award information by writing to: awardsearch@nsf.gov.
