
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | July 18, 2017 |
Latest Amendment Date: | July 18, 2017 |
Award Number: | 1718086 |
Award Instrument: | Standard Grant |
Program Manager: | Daniela Oliveira, doliveir@nsf.gov, (703)292-0000, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | August 15, 2017 |
End Date: | July 31, 2021 (Estimated) |
Total Intended Award Amount: | $497,296.00 |
Total Awarded Amount to Date: | $497,296.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: | 900 S CROUSE AVE SYRACUSE NY US 13244-4407 (315)443-2807 |
Sponsor Congressional District: |
|
Primary Place of Performance: | Syracuse NY US 13244-1200 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Mobile device security is critical to millions of users, and mobile operating system vulnerabilities can lead to exposure of sensitive data (e.g., passwords, credit card numbers, medical data) or compromise of sensitive operations (e.g., banking transactions). This research project is working to answer the following question: If the device's operating system is compromised, is it still possible to protect the user's sensitive data and operations? The researchers are using new hardware technology, "Trusted Execution Environments (TEEs)," to enable such protection.
Many new processors offer a TEE, which is isolated from the normal operating system (OS) environment. Code and data inside the TEE are protected even when the OS running in the normal environment is compromised. In the mobile computing environment, only apps provided by the mobile system vendors are typically able to make use of the TEE, as some of the app logic must be installed within the TEE. This research project is developing techniques to enable device-neutral integration of third-party apps with mobile TEEs, focusing on (1) app interaction with the TEE user interface, and (2) TEE-assisted interaction between app and server. The research team is designing interaction logic to hide TEE-specific details within the mobile OS, enabling third-party app developers to use the TEE capabilities transparently from the mobile OS interface. The team is also designing app-to-cloud-server attestation techniques, to allow a mobile app to prove that communication (e.g., email, HTTP requests, phone calls, or SMS messages) was initiated by the app on the mobile device and not spoofed by a compromised mobile OS. The researchers are building their own TEE-enabled Android smartphone to support the security features developed by the project.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Mobile device security is critical to millions of users, and mobile operating system vulnerabilities can lead to exposure of sensitive data (e.g., passwords, credit card numbers, medical data) or compromise of sensitive operations (e.g., banking transactions). This research project is working to answer the following question: If the device's operating system is compromised, is it still possible to protect the user's sensitive data and operations? The researchers are using new hardware technology, "Trusted Execution Environments (TEEs)," to enable such protection.
The main objective of this project is to integrate the TEE functionality in ARM processors with mobile operating systems, so normal-world apps can leverage the TEE functionalities. The project addresses two important aspects of the integration: app's interaction with the user interface (UI) inside TEE, and TEE-assisted interaction between app and server. The proposed work focuses on changing the operating system, so that the way apps interact with UI and server remains the same as before, even though the underlying interaction is quite different due to the involvement of TEE.
Several ideas have been proposed and implemented in this project. They mainly focus on the same theme: splitting the implementation of a particular system, so a small part of it (those depending on the TrustZone-protected information) is conducted inside the TrustZone, while the other part (the majority part) is still conducted inside the rich OS. Such splitting minimizes the size of the code added to the TrustZone, while still being transparent to applications. Several systems have been split in such a way, including the SSL library, the UI-interaction system, the GPS system, bar-code scanning system, voice-over-IP system, etc. The success of these split systems demonstrates the effectiveness and feasibility of the splitting idea. The idea can be generalized to other types of systems.
Testing the work on TrustZone has been very challenging. To solve this problem, we have developed a TrustZone emulator, and used it to conduct testing. The success of this emulator inspired us to look at other similar challenging settings, thinking about whether they can be emulated. That has led to our Internet Emulator idea, which is to develop an emulator for the Internet, so we can conduct activities, especially education-related activities, which are difficult, or even illegal, to conduct on the real Internet. This outcome has a potential impact in cybersecurity and networking education.
Last Modified: 11/06/2021
Modified by: Wenliang Du