EAGER: Decomposing Operating Systems for Better Control over Policy and Privacy

EAGER：分解操作系统以更好地控制策略和隐私

• 批准号: 1840902
• 负责人: Samrat Bhattacharjee
• 金额: $ 20万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840902&HistoricalAwards=false
• 关键词: EAGER; Decomposing; Operating; Systems; Better

Mobile personal and internet connected devices (called Internet of Things (IoT) devices), provide functionality including communication, image/audio capture, location determination, and biometric sensing. The enhanced functionality of these devices has enabled two new classes of attacks: data breaches from malicious software applications and Operating Systems (OS) compromises, and large scale Distributed Denial of Service (DDoS) attacks. These attacks often result from users not being able to control the actions of their devices. Some actions might be in direct contradiction to the users' wishes. This project addresses the problem of mismatch between device functionality and user policy by introducing a new software layer that mediates access to low-level computing hardware.The project designs a new "Policy Kernel" that mediates with hardware and existing "Functionality Kernels". To demonstrate the policy-kernel's versatility, the proposed work includes implementation of prototype applications that address privacy leaks in mobile devices, DDoS prevention in IoT devices, and maintaining device integrity even if the functionality kernel is compromised. The policy kernel selectively intercepts all hardware access by existing kernels, and ensures that the user policy is not violated. Applying the user policy requires the policy kernel to be able to disable access to hardware selectively, and to transform or reduce the resolution of data returned by hardware devices.The ability to apply user policy unambiguously and securely will solve, perhaps, the biggest emerging problem for personal- and IoT devices. Prototype applications will demonstrate the versatility and potential of the proposed work: enabling functionality for important scenarios that, for now, must be accepted on `"faith". The proposed design relieves device manufacturers from having to anticipate how their product will be used, where it might be placed, who will use it, and what sensitive data it might inadvertently collect. Such a design can provide a foundation for how secure and privacy-preserving system software for personal- and IoT devices is built.The policy kernel source code, along with application code will be publicly available. All research results will be disseminated via conference and journal publications. All code, data, analysis tools, and publications will be online at https://www.cs.umd.edu/projects/secpath.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

移动个人和互联网连接设备（称为物联网 (IoT) 设备）提供的功能包括通信、图像/音频捕获、位置确定和生物识别传感。 这些设备的增强功能引发了两类新的攻击：恶意软件应用程序和操作系统 (OS) 泄露造成的数据泄露，以及大规模分布式拒绝服务 (DDoS) 攻击。 这些攻击通常是由于用户无法控制其设备的操作造成的。 有些行为可能与用户的意愿直接矛盾。该项目通过引入一个新的软件层来协调对低级计算硬件的访问，解决了设备功能和用户策略之间不匹配的问题。该项目设计了一个新的“策略内核”，它与硬件和现有的“功能内核”进行协调。 为了证明策略内核的多功能性，拟议的工作包括实现原型应用程序，以解决移动设备中的隐私泄漏问题、物联网设备中的 DDoS 防护以及即使功能内核受到损害也能保持设备完整性。 策略内核选择性地拦截现有内核的所有硬件访问，并确保不违反用户策略。 应用用户策略要求策略内核能够有选择地禁用对硬件的访问，并转换或降低硬件设备返回的数据的分辨率。明确且安全地应用用户策略的能力可能会解决最大的新问题适用于个人和物联网设备。原型应用程序将展示所提议工作的多功能性和潜力：为重要场景启用功能，目前必须在“信仰”上接受这些功能。 拟议的设计使设备制造商不必预测他们的产品将如何使用、可能放置在哪里、谁将使用它以及可能会无意中收集哪些敏感数据。 这样的设计可以为如何构建个人和物联网设备的安全和隐私保护系统软件提供基础。策略内核源代码以及应用程序代码将公开。 所有研究结果将通过会议和期刊出版物传播。 所有代码、数据、分析工具和出版物都将在 https://www.cs.umd.edu/projects/secpath 上在线发布。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值进行评估，被认为值得支持以及更广泛的影响审查标准。