CAREER: Rethinking Mobile Security in the New Age of App-As-A-Platform

职业：重新思考应用程序即平台新时代的移动安全

• 批准号: 1652205
• 负责人: Long Lu
• 金额: $ 50.05万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-05-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652205&HistoricalAwards=false
• 关键词: CAREER; Rethinking; Mobile; Security; New

An ongoing evolution in the design of mobile applications (apps) and services, called "app-as-a-platform", is posing fundamental challenges to mobile security and privacy, exposing consumers, enterprises, and governments to new threats. Existing security technologies were not designed to address apps' emerging role as micro-platforms and are, therefore, incapable of providing sufficient protections. This research project is developing security foundations in three dimensions of app-as-a-platform architectures: (1) In-app Dimension, where modules within the same app can adversely affect or manipulate one another, (2) App-cloud Dimension, where apps may spy on or abuse integrated cloud services, and vice versa, and (3) App-IoT Dimension, where unauthorized apps can manipulate IoT (Internet-of-Things)-connected devices. This research project is investigating approaches to safeguard mobile apps' integration with third-party modules, cloud services, and IoT devices that are organized by app-as-a-platform architectures. The project is developing security foundations for these architectures by retrofitting mobile middleware and operating systems (OS) with new isolation, mediation, and attestation primitives and mechanisms. To establish a principled defense against threats to app-as-a-platform systems, the researchers are designing new OS abstractions for in-process memory isolation, language constructs for module-level security enforcement, trustworthy web integration mechanisms, remote attestation of mobile agents, and an IoT authorization and interoperation framework. The project also provides unique education and training opportunities for both graduate and undergraduate students.

移动的应用程序（app）和服务的设计（称为“应用程序即平台”）正在不断演变，这对移动的安全和隐私提出了根本性挑战，使消费者、企业和政府面临新的威胁。现有的安全技术并不是为了解决应用程序作为微平台的新兴角色而设计的，因此无法提供足够的保护。该研究项目正在开发应用程序即平台架构的三个维度的安全基础：（1）应用内维度，其中同一应用内的模块可以彼此不利地影响或操纵，（2）应用云维度，其中应用可以窥探或滥用集成的云服务，反之亦然，以及（3）应用物联网维度，未经授权的应用程序可以操纵物联网连接的设备。该研究项目正在研究保护移动的应用程序与由应用程序即平台架构组织的第三方模块、云服务和物联网设备集成的方法。该项目正在通过使用新的隔离、中介和证明原语和机制来改造移动的中间件和操作系统（OS），从而为这些体系结构开发安全基础。为了建立针对应用即平台系统威胁的原则性防御，研究人员正在设计用于进程内内存隔离的新操作系统抽象、用于模块级安全执行的语言结构、可信赖的Web集成机制、移动的代理的远程认证以及物联网授权和互操作框架。该项目还为研究生和本科生提供了独特的教育和培训机会。