SaTC: CORE: Small: Collaborative: Guarding the Integrity of Mobile Graphical User Interfaces

SaTC：核心：小型：协作：保护移动图形用户界面的完整性

• 批准号: 1718923
• 负责人: Ardalan Amiri Sani
• 金额: $ 25万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1718923&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Guarding

Today's mobile applications and services display information to the user via a Graphical User Interface (GUI). Unfortunately, an attacker may tamper with that display, maliciously hiding, altering, or entirely fabricating display contents. User apps or the cloud services providing the information may be entirely unaware of the tampering. Mobile operating systems, such as Android and iOS, cannot guarantee the integrity and correctness of the app GUI content. This project is developing techniques to guarantee the integrity and correctness of security-sensitive GUI regions, to ensure that what a user sees in those regions is exactly what the app (or cloud service) intends to display. The researchers are developing the concept of a protected GUI region called a "viewport," which a cloud backend may statically associate with an app. The intent is to ensure that only the GUI of the application is able to display into the specified portion of the screen. The researchers are developing a viewport security enforcement monitor, using hardware features of the ARM processor, and developing programming and operating system support for viewports. The project exploits a synergy of hardware features, including virtualization, ARM TrustZone, and modern display controller with support for overlaid layers. Finally, the research team is evaluating the security assurance provided, performance overhead, and ease of use by application developers.

当今的移动应用程序和服务通过图形用户界面 (GUI) 向用户显示信息。不幸的是，攻击者可能会篡改该显示，恶意隐藏、更改或完全伪造显示内容。 提供信息的用户应用程序或云服务可能完全不知道篡改。 Android和iOS等移动操作系统无法保证应用程序GUI内容的完整性和正确性。 该项目正在开发技术来保证安全敏感 GUI 区域的完整性和正确性，以确保用户在这些区域中看到的内容正是应用程序（或云服务）想要显示的内容。研究人员正在开发称为“视口”的受保护 GUI 区域的概念，云后端可以将其与应用程序静态关联。目的是确保只有应用程序的 GUI 能够显示到屏幕的指定部分。研究人员正在利用 ARM 处理器的硬件功能开发视口安全执行监视器，并开发对视口的编程和操作系统支持。 该项目利用了硬件功能的协同作用，包括虚拟化、ARM TrustZone 和支持覆盖层的现代显示控制器。最后，研究团队正在评估所提供的安全保证、性能开销以及应用程序开发人员的易用性。

项目成果

Tabellion: secure legal contracts on mobile devices

Tabellion：移动设备上的安全法律合同

• DOI: 10.1145/3386901.3389027
• 发表时间: 2020-06
• 期刊: and Services
• 作者: Mirzamohammadi, Saeed;Liu, Yuxin;Huang, Tianmei Ann;Sani, Ardalan Amiri;Agarwal, Sharad;Kim, Sung Eun
• 通讯作者: Kim, Sung Eun

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

通过专用、物理隔离、静态分区的硬件，最大限度地减少智能手机的安全关键程序的 TCB

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-01
• 期刊: ACM MobiSys
• 作者: Yao, Zhihao;Seyed Talebi, Seyed Mohammadjavad;Chen, Mingyi;Amiri Sani, Ardalan;Anderson, Thomas
• 通讯作者: Anderson, Thomas