SaTC: CORE: Small: Collaborative: Guarding the Integrity of Mobile Graphical User Interfaces

SaTC：核心：小型：协作：保护移动图形用户界面的完整性

• 批准号: 1718923
• 负责人: Ardalan Amiri Sani
• 金额: $ 25万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1718923&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Guarding

Today's mobile applications and services display information to the user via a Graphical User Interface (GUI). Unfortunately, an attacker may tamper with that display, maliciously hiding, altering, or entirely fabricating display contents. User apps or the cloud services providing the information may be entirely unaware of the tampering. Mobile operating systems, such as Android and iOS, cannot guarantee the integrity and correctness of the app GUI content. This project is developing techniques to guarantee the integrity and correctness of security-sensitive GUI regions, to ensure that what a user sees in those regions is exactly what the app (or cloud service) intends to display. The researchers are developing the concept of a protected GUI region called a "viewport," which a cloud backend may statically associate with an app. The intent is to ensure that only the GUI of the application is able to display into the specified portion of the screen. The researchers are developing a viewport security enforcement monitor, using hardware features of the ARM processor, and developing programming and operating system support for viewports. The project exploits a synergy of hardware features, including virtualization, ARM TrustZone, and modern display controller with support for overlaid layers. Finally, the research team is evaluating the security assurance provided, performance overhead, and ease of use by application developers.

今天的移动应用程序和服务通过图形用户界面(GUI)向用户显示信息。不幸的是，攻击者可能会篡改显示内容，恶意隐藏、更改或完全伪造显示内容。提供信息的用户应用程序或云服务可能完全不知道篡改。Android和iOS等移动操作系统无法保证APP图形用户界面内容的完整性和正确性。该项目正在开发技术，以确保安全敏感的图形用户界面区域的完整性和正确性，以确保用户在这些区域中看到的正是应用程序(或云服务)打算显示的内容。研究人员正在开发被称为“视区”的受保护的图形用户界面区域的概念，云后端可能会静态地将其与应用程序相关联。这样做的目的是确保只有应用程序的图形用户界面能够显示到屏幕的指定部分。研究人员正在利用ARM处理器的硬件功能开发视点安全执法监控器，并开发视点编程和操作系统支持。该项目利用了硬件功能的协同作用，包括虚拟化、ARM TrustZone和支持覆盖层的现代显示控制器。最后，研究团队正在评估所提供的安全保证、性能开销以及应用程序开发人员的易用性。

项目成果

Tabellion: secure legal contracts on mobile devices

Tabellion：移动设备上的安全法律合同

• DOI: 10.1145/3386901.3389027
• 发表时间: 2020
• 期刊: and Services
• 作者: Mirzamohammadi, Saeed;Liu, Yuxin;Huang, Tianmei Ann;Sani, Ardalan Amiri;Agarwal, Sharad;Kim, Sung Eun
• 通讯作者: Kim, Sung Eun

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-06
• 期刊: Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services
• 作者: Zhihao Yao;Seyed Mohammadjavad Seyed Talebi-Seyed-Mohammadjavad-Seyed-Talebi-2220160600;M. Chen;Ardalan Amiri Sani;T. Anderson