TC: Small: Security Architectures for Smartphones

TC：小型：智能手机的安全架构

• 批准号: 1117943
• 负责人: Dan Wallach
• 金额: $ 50万
• 依托单位: William Marsh Rice University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-01 至 2015-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1117943&HistoricalAwards=false
• 关键词: TC; Small; Security; Architectures; Smartphones

Modern smartphones from Apple, Google, and others have remarkably complex security needs. Applications, installed from a variety of third-party vendors, must be separated from one other, since some might be buggy or malicious, yet they must also communicate and share in a variety of ways, including displaying multimedia, sharing authentication credentials, and acting as local proxies for remote Internet sites to support payment services, advertisements, and so forth.We design, implement, and evaluate novel smartphone mechanisms, leveraging Google's open-source Android project. For example, we carefully control how privileges are managed within the phone as applications collaborate. We must defeat "confused deputy" attacks, where privileged-but-buggy applications inadvertently allow their callers to exercise sensitive privileges, yet our infrastructure must also enable "intentional deputies" who are trusted to leverage dangerous privileges while offering safe interfaces.Our work also considers the user's view of security features. Many applications require users to frequently retype passwords, annoying users and also making them vulnerable to spoofing attacks, because an attacker can fake a pixel-perfect dialog. We are studying a variety of approaches to improve security and usability, including better ways for applications to share credentials with one another (avoiding dialog boxes), and better ways for multiple applications to share screen real-estate (avoiding the need for singleton applications to be granted unnecessary privileges).All of our research output will be available under suitable open-source licenses, helping our work to influence phone vendors and ultimately to have impact on the huge installed base of smartphone users.

苹果、谷歌和其他公司的现代智能手机具有非常复杂的安全需求。从各种第三方供应商安装的应用程序必须彼此分离，因为有些可能是错误的或恶意的，但它们还必须以各种方式进行通信和共享，包括显示多媒体，共享身份验证凭证，以及充当远程Internet站点的本地代理以支持支付服务，广告等。利用谷歌的开源Android项目。例如，当应用程序协作时，我们仔细控制如何在电话内管理权限。我们必须击败“混淆代理”攻击，即错误但有缺陷的应用程序无意中允许其调用者行使敏感权限，但我们的基础设施还必须启用“故意代理”，他们被信任利用危险的特权，同时提供安全的接口。许多应用程序要求用户频繁地重新输入密码，这会让用户感到厌烦，也会使他们容易受到欺骗攻击，因为攻击者可以伪造一个像素完美的对话框。我们正在研究各种方法来提高安全性和可用性，包括应用程序之间共享凭据的更好方法（避免对话框），以及多个应用程序共享屏幕空间的更好方法（避免了单例应用程序被授予不必要的特权）。我们所有的研究成果都将在合适的开源许可证下提供，帮助我们的工作影响手机供应商，并最终影响庞大的智能手机用户群。