Mobile devices today provide a hardware-protected mode called Trusted Execution Environment (TEE) to help protect users from a compromised OS and hypervisor. Today TEE can only be leveraged either by vendor apps or by developers who work with the vendor. Since vendors consider third-party app code untrusted inside the TEE, to allow an app to leverage TEE, app developers have to write the app code in a tailored way to work with the vendor's SDK. We proposed a novel design to integrate TEE with mobile OS to allow any app to leverage the TEE. Our design incorporates TEE support at the OS level, allowing apps to leverage the TEE without adding app-specific code into the TEE, and while using existing interface to interact with the mobile OS. We implemented our design, called TruZ-Droid, by integrating TrustZone TEE with the Android OS. TruZ-Droid allows apps to leverage the TEE to protect the following: (i) user's secret input and confirmation, and (ii) sending of user's secrets to the authorized server. We built a prototype using the TrustZone-enabled HiKey board to evaluate our design. We demonstrated TruZ-Droid's effectiveness by adding new security features to existing apps to protect user's sensitive information and attest user's confirmation. TruZ-Droid's real-world use case evaluation shows that apps can leverage TrustZone while using existing OS APIs. Our usability study proves that users can correctly interact with TruZ-Droid to protect their security sensitive activities and data.

Abstract: The sensitivity of information is dependent on the context of application and user preference. Protecting sensitive data in the cloud era requires identifying them in the first place. It typically needs intensive manual efforts. More importantly, users may specify sensitive information only through an implicit manner. Existing research efforts on identifying sensitive data from its descriptive texts focus on keyword/phrase searching. These approaches can have high false positives/negatives as they do not consider the semantics of the descriptions. In this paper, we propose S3, an automated approach to identify sensitive data based on users’ implicit specifications. Our approach considers semantic, syntactic and lexical information comprehensively, aiming to identify sensitive data by the semantics of its descriptive texts. We introduce the notion concept space to represent the user’s notion of privacy, by which our approach can support flexible user requirements in defining sensitive data. Our approach is able to learn users’ preferences from readable concepts initially provided by users, and automatically identify related sensitive data. We evaluate our approach on over 18,000 top popular applications from Google Play Store. S3 achieves an average precision of 89.2%, and average recall 95.8% in identifying sensitive data.

Software services have become an integral part of our daily life. Cyber-attacks have thus become a problem of increasing importance not only for the IT industry, but for society at large. A way to contain cyber-attacks is to guarantee the integrity of IT systems at run-time. Put differently, it is safe to assume that any complex software is compromised. The problem is then to monitor and contain it when it executes in order to protect sensitive data and other sensitive assets. To really have an impact, any solution to this problem should be integrated in commodity operating systems. In this thesis we introduce run-time security primitives that enable a number of trusted services in the context of Linux. These primitives mediate any action involving sensitive data or sensitive assets in order to guarantee their integrity and confidentiality. We introduce a general mechanism to protect sensitive assets at run-time that we denote split-enforcement, and provide an implementation for ARM-powered devices using ARM TrustZone security extensions.