EAGER: Decomposing Operating Systems for Better Control over Policy and Privacy

EAGER：分解操作系统以更好地控制策略和隐私

• 批准号: 1840902
• 负责人: Samrat Bhattacharjee
• 金额: $ 20万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840902&HistoricalAwards=false
• 关键词: EAGER; Decomposing; Operating; Systems; Better

Mobile personal and internet connected devices (called Internet of Things (IoT) devices), provide functionality including communication, image/audio capture, location determination, and biometric sensing. The enhanced functionality of these devices has enabled two new classes of attacks: data breaches from malicious software applications and Operating Systems (OS) compromises, and large scale Distributed Denial of Service (DDoS) attacks. These attacks often result from users not being able to control the actions of their devices. Some actions might be in direct contradiction to the users' wishes. This project addresses the problem of mismatch between device functionality and user policy by introducing a new software layer that mediates access to low-level computing hardware.The project designs a new "Policy Kernel" that mediates with hardware and existing "Functionality Kernels". To demonstrate the policy-kernel's versatility, the proposed work includes implementation of prototype applications that address privacy leaks in mobile devices, DDoS prevention in IoT devices, and maintaining device integrity even if the functionality kernel is compromised. The policy kernel selectively intercepts all hardware access by existing kernels, and ensures that the user policy is not violated. Applying the user policy requires the policy kernel to be able to disable access to hardware selectively, and to transform or reduce the resolution of data returned by hardware devices.The ability to apply user policy unambiguously and securely will solve, perhaps, the biggest emerging problem for personal- and IoT devices. Prototype applications will demonstrate the versatility and potential of the proposed work: enabling functionality for important scenarios that, for now, must be accepted on `"faith". The proposed design relieves device manufacturers from having to anticipate how their product will be used, where it might be placed, who will use it, and what sensitive data it might inadvertently collect. Such a design can provide a foundation for how secure and privacy-preserving system software for personal- and IoT devices is built.The policy kernel source code, along with application code will be publicly available. All research results will be disseminated via conference and journal publications. All code, data, analysis tools, and publications will be online at https://www.cs.umd.edu/projects/secpath.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

移动个人和Internet连接的设备（称为物联网（IoT）设备），提供功能，包括通信，图像/音频捕获，位置确定和生物识别传感。 这些设备的增强功能已实现了两种新的攻击类别：来自恶意软件应用程序和操作系统（OS）妥协的数据泄露，以及大规模分布的服务拒绝服务（DDOS）攻击。 这些攻击通常是由于用户无法控制其设备的动作而引起的。 某些操作可能与用户的愿望直接矛盾。该项目通过引入一个新的软件层来解决设备功能和用户策略之间的不匹配问题，该软件层介导了对低级计算硬件的访问。该项目设计了一种新的“策略内核”，该项目用硬件和现有的“功能性内核”中介。 为了证明策略内核的多功能性，建议的工作包括实施原型应用程序，这些应用程序解决了移动设备中的隐私泄漏，IoT设备中的DDOS预防以及维护设备完整性，即使功能内核受到损害。 策略内核有选择地拦截了现有内核的所有硬件访问，并确保不违反用户策略。 应用用户策略要求策略内核能够选择性地禁用对硬件的访问，并转换或减少硬件设备返回的数据的分辨率。明确且安全地应用用户策略的能力将解决个人和IoT设备的最大新出现问题。原型应用程序将证明所提出的工作的多功能性和潜力：为重要场景启用功能，目前必须在“信仰”上接受这些功能。 拟议的设计使设备制造商不得不预测其产品将如何使用，放置在哪里，将使用它以及它可能无意中收集的敏感数据。 这样的设计可以为个人和IoT设备的安全保存系统软件提供基础。策略内核源代码以及应用程序代码将公开可用。 所有研究结果将通过会议和期刊出版物传播。 所有代码，数据，分析工具和出版物将在https://www.cs.umd.edu/projects/secpath.this奖中在线上，反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛影响的审查标准来通过评估来进行评估的。