CAREER: Rethinking Mobile Security in the New Age of App-As-A-Platform

职业：重新思考应用程序即平台新时代的移动安全

• 批准号: 1652205
• 负责人: Long Lu
• 金额: $ 50.05万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-05-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652205&HistoricalAwards=false
• 关键词: CAREER; Rethinking; Mobile; Security; New

An ongoing evolution in the design of mobile applications (apps) and services, called "app-as-a-platform", is posing fundamental challenges to mobile security and privacy, exposing consumers, enterprises, and governments to new threats. Existing security technologies were not designed to address apps' emerging role as micro-platforms and are, therefore, incapable of providing sufficient protections. This research project is developing security foundations in three dimensions of app-as-a-platform architectures: (1) In-app Dimension, where modules within the same app can adversely affect or manipulate one another, (2) App-cloud Dimension, where apps may spy on or abuse integrated cloud services, and vice versa, and (3) App-IoT Dimension, where unauthorized apps can manipulate IoT (Internet-of-Things)-connected devices. This research project is investigating approaches to safeguard mobile apps' integration with third-party modules, cloud services, and IoT devices that are organized by app-as-a-platform architectures. The project is developing security foundations for these architectures by retrofitting mobile middleware and operating systems (OS) with new isolation, mediation, and attestation primitives and mechanisms. To establish a principled defense against threats to app-as-a-platform systems, the researchers are designing new OS abstractions for in-process memory isolation, language constructs for module-level security enforcement, trustworthy web integration mechanisms, remote attestation of mobile agents, and an IoT authorization and interoperation framework. The project also provides unique education and training opportunities for both graduate and undergraduate students.

移动应用程序 (app) 和服务设计的持续发展（称为“应用程序即平台”）给移动安全和隐私带来了根本性挑战，使消费者、企业和政府面临新的威胁。现有的安全技术并非旨在解决应用程序作为微平台的新兴角色，因此无法提供足够的保护。该研究项目正在开发应用程序即平台架构三个维度的安全基础：(1) 应用程序内维度，同一应用程序内的模块可能会相互产生不利影响或操纵，(2) 应用程序云维度，应用程序可能会监视或滥用集成云服务，反之亦然；(3) 应用程序物联网维度，未经授权的应用程序可以操纵物联网（物联网）连接的设备。该研究项目正在研究保护移动应用程序与第三方模块、云服务和由应用程序即平台架构组织的物联网设备集成的方法。该项目正在通过使用新的隔离、中介和证明原语和机制改造移动中间件和操作系统 (OS)，为这些架构开发安全基础。为了针对应用即平台系统的威胁建立原则性防御，研究人员正在设计用于进程内内存隔离的新操作系统抽象、用于模块级安全实施的语言结构、值得信赖的 Web 集成机制、移动代理的远程认证，以及物联网授权和互操作框架。该项目还为研究生和本科生提供独特的教育和培训机会。