CAREER: Rethinking Mobile Security in the New Age of App-As-A-Platform

职业：重新思考应用程序即平台新时代的移动安全

• 批准号: 1748334
• 负责人: Long Lu
• 金额: $ 50.05万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2023-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1748334&HistoricalAwards=false
• 关键词: CAREER; Rethinking; Mobile; Security; New

An ongoing evolution in the design of mobile applications (apps) and services, called "app-as-a-platform", is posing fundamental challenges to mobile security and privacy, exposing consumers, enterprises, and governments to new threats. Existing security technologies were not designed to address apps' emerging role as micro-platforms and are, therefore, incapable of providing sufficient protections. This research project is developing security foundations in three dimensions of app-as-a-platform architectures: (1) In-app Dimension, where modules within the same app can adversely affect or manipulate one another, (2) App-cloud Dimension, where apps may spy on or abuse integrated cloud services, and vice versa, and (3) App-IoT Dimension, where unauthorized apps can manipulate IoT (Internet-of-Things)-connected devices. This research project is investigating approaches to safeguard mobile apps' integration with third-party modules, cloud services, and IoT devices that are organized by app-as-a-platform architectures. The project is developing security foundations for these architectures by retrofitting mobile middleware and operating systems (OS) with new isolation, mediation, and attestation primitives and mechanisms. To establish a principled defense against threats to app-as-a-platform systems, the researchers are designing new OS abstractions for in-process memory isolation, language constructs for module-level security enforcement, trustworthy web integration mechanisms, remote attestation of mobile agents, and an IoT authorization and interoperation framework. The project also provides unique education and training opportunities for both graduate and undergraduate students.

移动应用程序（应用程序）和服务的持续发展，称为“ App-a-a-platform”，对移动安全和隐私提出了根本性的挑战，使消费者，企业和政府面临新威胁。现有的安全技术并非旨在解决应用程序作为微平台的新兴角色，因此无法提供足够的保护。 This research project is developing security foundations in three dimensions of app-as-a-platform architectures: (1) In-app Dimension, where modules within the same app can adversely affect or manipulate one another, (2) App-cloud Dimension, where apps may spy on or abuse integrated cloud services, and vice versa, and (3) App-IoT Dimension, where unauthorized apps can manipulate IoT （THIONTENT）连接的设备。该研究项目正在研究通过APS-A-A-A-A-Platform Architectures组织的第三方模块，云服务和IoT设备的整合方法。该项目通过使用新的隔离，中介和证明原始及机制来改造移动中间件和操作系统（OS），为这些体系结构开发安全基础。为了制定针对对应用程序的平台系统威胁的原则防御，研究人员正在设计新的OS摘要，用于过程中的内存隔离，用于模块级安全执行的语言构造，可信赖的Web集成机制，移动代理的远程证明以及IOT授权和Intherization和Interoperation框架。该项目还为研究生和本科生提供了独特的教育和培训机会。

项目成果

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling

P2IM：通过自动外设接口建模进行可扩展且独立于硬件的固件测试

• 发表时间: 2020
• 期刊: 29th USENIX Security Symposium
• 作者: Feng, Bo;Mera, Alejandro;Lu, Long
• 通讯作者: Lu, Long

OAT: Attesting Operation Integrity of Embedded Devices

• DOI: 10.1109/sp40000.2020.00042
• 发表时间: 2018-02
• 期刊: 2020 IEEE Symposium on Security and Privacy (SP)
• 作者: Zhichuang Sun;Bo Feng;Long Lu;S. Jha

SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses

• DOI: 10.1109/eurosp51992.2021.00034
• 发表时间: 2020-06
• 期刊: 2021 IEEE European Symposium on Security and Privacy (EuroS&P)
• 作者: Ruimin Sun;Alejandro Mera;Long Lu;D. Choffnes

Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems

• DOI: 10.1145/3052973.3052998
• 发表时间: 2017-04
• 期刊: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
• 作者: Drew Davidson;Yaohui Chen;F. George;Long Lu;S. Jha

D-Box: DMA-enabled Compartmentalization for Embedded Applications

• DOI: 10.14722/ndss.2022.24053
• 发表时间: 2022-01
• 期刊: ArXiv
• 作者: Alejandro Mera;Yi Hui Chen;Ruimin Sun;E. Kirda;Long Lu