CAREER: Securing Mobile Devices by Hardening their System Software

职业：通过强化系统软件来保护移动设备

• 批准号: 1846230
• 负责人: Ardalan Amiri Sani
• 金额: $ 49.67万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-06-01 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1846230&HistoricalAwards=false
• 关键词: CAREER; Securing; Mobile; Devices; Hardening

Modern mobile devices, such as smartphones, tablets, and wearables, are targets of an increasing number of security attacks. Moreover, according to Google, an increasing number of attacks on (Android-based) mobile devices are targeting the operating system kernel. For example, 44% of attacks in 2016 targeted the kernel versus 9% and 4% respectively in 2015 and 2014. Unfortunately, contemporary mobile operating systems are large, complex, and full of vulnerabilities; hence they fall victims to these attacks more often than not. This project attempts at improving the state of the art in security of mobile devices through a complementary and comprehensive set of approaches that can alleviate the problem of operating system vulnerability to attacks. This project enhances the security of mobile devices. As mobile devices play an increasingly important role in today's world, this project will have a high impact on global societies and economies. The project will also train students in systems software programming through outreach and tutorial activities. The project targets three approaches to enhancing the security of mobile devices: (i) a security monitor to provide important security and privacy guarantees despite a compromised operating system, (ii) novel and mobile-specific tools to find (and then fix) mobile operating system vulnerabilities, and (iii) a vetting layer to efficiently safeguard the operating system interface against malicious applications. This project will be conducted in three research thrusts, each of which will address the challenges of one of the aforementioned approaches. The first research thrust builds a trustworthy and extensible security monitor for mobile devices. The key idea in this thrust is the use of security domains, which are isolated domains each hosting a different security service providing a unique security or privacy guarantee. The second research thrust investigates techniques to find vulnerabilities in the mobile operating system. In particular, it investigates solutions to apply existing dynamic analysis techniques to mobile operating system codebase in order to find and patch its vulnerabilities. Most such techniques are only applicable to software running within a virtual machine (VM). Hence, the key idea in this research thrust is to either automatically port mobile operating system code to run within a virtual machine or run these techniques on the device itself. The third research thrust investigates methods to safeguard the operating system interface against malicious applications. It does so by incorporating an extensive set of security checks on system calls and other operating system application programming interface calls to limit the application's attack vector. This thrust consists of two tasks including an in-process shield space capable of securely and efficiently executing the vetting layer's security checks as well as solutions to automatically generate such security checks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代移动设备（例如智能手机，平板电脑和可穿戴设备）是越来越多的安全攻击的目标。此外，根据Google的说法，越来越多的对基于Android的移动设备的攻击目标针对操作系统内核。例如，2016年有44％的攻击针对内核，而2015年和2014年的攻击分别为9％和4％。不幸的是，当代移动操作系统很大，复杂且充满脆弱性。因此，他们经常对这些袭击而成为受害者。该项目试图通过一系列补充和全面的方法来改善移动设备安全性的最新状态，这些方法可以减轻操作系统脆弱性攻击的问题。该项目增强了移动设备的安全性。随着移动设备在当今世界上发挥越来越重要的作用，该项目将对全球社会和经济产生重大影响。该项目还将通过外展和教程活动培训学生进行系统软件编程。该项目针对增强移动设备安全性的三种方法：（i）尽管操作系统受到损害，（（ii）新颖和特定于移动的工具，可以找到（然后修复）移动操作，以提供重要的安全性和隐私保证系统漏洞和（iii）审查层，以有效地保护操作系统接口免受恶意应用程序。该项目将以三个研究推力进行，每个研究都将解决上述方法之一的挑战。第一项研究推力为移动设备建立了可信赖且可扩展的安全监视器。这一推力的关键想法是使用安全域，这些域是孤立的域，每个域都托管了提供独特的安全性或隐私保证的不同安全服务。第二项研究推力研究了在移动操作系统中发现漏洞的技术。特别是，它调查了将现有动态分析技术应用于移动操作系统代码库的解决方案，以查找和修补其漏洞。大多数此类技术仅适用于在虚拟机（VM）中运行的软件。因此，这项研究的关键思想是要么自动端口移动操作系统代码在虚拟机中运行，要么在设备本身上运行这些技术。第三项研究推力研究了保护操作系统界面免受恶意应用程序的方法。通过在系统调用和其他操作系统应用程序编程接口调用上合并一组安全检查，以限制应用程序的攻击向量。该推力由两项任务组成，包括一个能够安全有效地执行审查层的安全检查以及自动生成此类安全检查的解决方案的过程。该奖项反映了NSF的法定任务，并被视为通过评估值得的支持。利用基金会的知识分子和更广泛的影响审查标准。

项目成果

Undo Workarounds for Kernel Bugs

• 发表时间: 2021
• 作者: S. Talebi;Zhihao Yao;A. A. Sani-A.;Zhiyun Qian;D. Austin

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-06
• 期刊: Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services
• 作者: Zhihao Yao;Seyed Mohammadjavad Seyed Talebi-Seyed-Mohammadjavad-Seyed-Talebi-2220160600;M. Chen;Ardalan Amiri Sani;T. Anderson

MegaMind: a platform for security & privacy extensions for voice assistants

• DOI: 10.1145/3458864.3467962
• 发表时间: 2021-06
• 期刊: Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services
• 作者: S. Talebi;A. A. Sani-A.;S. Saroiu;A. Wolman

Sifter: Protecting Security-Critical Kernel Modules in Android through Attack Surface Reduction

Sifter：通过减少攻击面来保护 Android 中的安全关键内核模块

• DOI: 10.1145/3495243.3560548
• 发表时间: 2022
• 期刊: ACM MobiCom
• 作者: Hung, Hsin-Wei;Liu, Yingtong;Amiri Sani, Ardalan
• 通讯作者: Amiri Sani, Ardalan

GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation

• 发表时间: 2023
• 作者: Hui Peng;Zhihao Yao;A. A. Sani-A.;D. Tian;Mathias Payer