EAGER: Decomposing Operating Systems for Better Control over Policy and Privacy

EAGER：分解操作系统以更好地控制策略和隐私

• 批准号: 1840902
• 负责人: Samrat Bhattacharjee
• 金额: $ 20万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840902&HistoricalAwards=false
• 关键词: EAGER; Decomposing; Operating; Systems; Better

Mobile personal and internet connected devices (called Internet of Things (IoT) devices), provide functionality including communication, image/audio capture, location determination, and biometric sensing. The enhanced functionality of these devices has enabled two new classes of attacks: data breaches from malicious software applications and Operating Systems (OS) compromises, and large scale Distributed Denial of Service (DDoS) attacks. These attacks often result from users not being able to control the actions of their devices. Some actions might be in direct contradiction to the users' wishes. This project addresses the problem of mismatch between device functionality and user policy by introducing a new software layer that mediates access to low-level computing hardware.The project designs a new "Policy Kernel" that mediates with hardware and existing "Functionality Kernels". To demonstrate the policy-kernel's versatility, the proposed work includes implementation of prototype applications that address privacy leaks in mobile devices, DDoS prevention in IoT devices, and maintaining device integrity even if the functionality kernel is compromised. The policy kernel selectively intercepts all hardware access by existing kernels, and ensures that the user policy is not violated. Applying the user policy requires the policy kernel to be able to disable access to hardware selectively, and to transform or reduce the resolution of data returned by hardware devices.The ability to apply user policy unambiguously and securely will solve, perhaps, the biggest emerging problem for personal- and IoT devices. Prototype applications will demonstrate the versatility and potential of the proposed work: enabling functionality for important scenarios that, for now, must be accepted on `"faith". The proposed design relieves device manufacturers from having to anticipate how their product will be used, where it might be placed, who will use it, and what sensitive data it might inadvertently collect. Such a design can provide a foundation for how secure and privacy-preserving system software for personal- and IoT devices is built.The policy kernel source code, along with application code will be publicly available. All research results will be disseminated via conference and journal publications. All code, data, analysis tools, and publications will be online at https://www.cs.umd.edu/projects/secpath.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

移动的个人和互联网连接设备（称为物联网（IoT）设备）提供包括通信、图像/音频捕获、位置确定和生物特征感测的功能。 这些设备的增强功能使两类新的攻击成为可能：恶意软件应用程序和操作系统（OS）入侵造成的数据泄露，以及大规模分布式拒绝服务（DDoS）攻击。 这些攻击通常是由于用户无法控制其设备的操作而导致的。 有些行为可能与用户的愿望直接矛盾。该项目通过引入一个新的软件层来解决设备功能和用户策略之间不匹配的问题，该软件层用于协调对底层计算硬件的访问。该项目设计了一个新的“策略内核”，用于协调硬件和现有的“功能内核”。 为了证明策略内核的多功能性，建议的工作包括实现原型应用程序，解决移动的设备中的隐私泄露，物联网设备中的DDoS防护，以及即使功能内核受到损害也保持设备完整性。 策略内核有选择地拦截现有内核的所有硬件访问，并确保不违反用户策略。 应用用户策略需要策略内核能够有选择地禁用对硬件的访问，并转换或降低硬件设备返回的数据的分辨率。明确安全地应用用户策略的能力可能会解决个人和物联网设备最大的新兴问题。原型应用程序将展示拟议工作的多功能性和潜力：为重要场景提供功能，目前必须接受“信念”。 该设计使设备制造商不必预测其产品将如何使用、可能放置在何处、谁将使用以及可能无意中收集哪些敏感数据。这样的设计可以为如何构建个人和物联网设备的安全和隐私保护系统软件提供基础。策略内核源代码沿着应用程序代码将公开。 所有研究成果将通过会议和期刊出版物传播。 所有代码、数据、分析工具和出版物都将在www.example.com上在线发布https://www.cs.umd.edu/projects/secpath.This奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估来支持。