log in  |  register  |  feedback?  |  help  |  web accessibility
Logo
PhD Defense: Assurance and Control over Sensitive Data on Personal Devices
Matthew Lentz
Remote
Thursday, June 18, 2020, 1:00-3:00 pm Calendar
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)
Abstract
Personal smart devices provide users with powerful capabilities for communication, productivity, health, education, and entertainment. Applications often operate over sensitive data related to the user: collecting and processing input data from sensors (e.g., fingerprint scans, location updates), or rendering output data to the user (e.g., displaying financial information). This sensitive data is the target of many attacks, which range from malicious applications to compromises of the platform software itself, which includes the operating system (OS) and privileged services. Today, users are ultimately unable to control or reason about how their sensitive data is processed, protected, or shared.

In this dissertation, I argue the following thesis: Introducing an enforcement layer between hardware and platform software can enable end-to-end secure applications while giving users fine-grained control over their devices. I support this thesis through the design, implementation, and evaluation of two different instantiations of such an enforcement layer: SeCloak and AIO. SeCloak focuses on addressing a single point in the policy space for giving control back to users: on/off control of peripherals (e.g., camera, microphone). SeCloak runs as a platform-agnostic layer that provides the abstraction of secure, virtual switches that the user can reliably configure. AIO introduces a new "accountable path" abstraction that enables constructing and reasoning about the end-to-end I/O stack between application endpoints and underlying hardware devices. Accountable paths allow for more expressive policies to be enforced over the software stack, which can be used to derive various assurances over the data (e.g., confidentiality, provenance). Principals can reason about the state of the system through attestations provided by AIO over (parts of) these paths. The guarantees provided by these enforcement layers hold regardless of the correctness of the rest of the platform software (including the OS).

Examining Committee: 
 
                           Chair:              Dr. Bobby Bhattacharjee                   
                           Dean's rep:      Dr.  Mark Shayman
                          Members:         Dr.  Peter Druschel  
                                                Dr.  Dave Levin 
                                                Dr. Neil Spring
Bio
Matthew Lentz is a Ph.D. candidate in Computer Science at the University of Maryland. He received his B.S. in Computer Engineering from the University of Maryland in 2010. He is broadly interested in research at the intersection of systems, networking, and security.

                                                         

This talk is organized by Tom Hurst