STRUCT: Enabling Secure and Trustworthy Compartments in Mobile Applications
Lead PI
Abstract
Society’s dependence on mobile technologies is increasing rapidly as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures the attack surface between apps. However, recent research reveals that app-internal attacks are emerging quickly, because complex entities with conflicting interests are commonly included inside a single app to allow for rich features and fast development.
This project, known as STRUCT, systematically investigates app compartmentalization as a novel and general approach to mitigating the critical yet unaddressed internal threats of apps. It applies this approach to major mobile platforms by solving four challenging and interesting research problems: (1) deriving principles and models for designing intra-app security mechanisms; (2) building compiler toolchains for automatically and securely compartmentalizing apps; (3) building system-level enforcement mechanisms for open platforms; (4) building app-level, system-agnostic enforcement mechanisms for closed platforms. Together, solutions to these challenges form a foundation for the design and implementation of intra-app security isolation and policy enforcement, which is currently nonexistent but in high demand.
STRUCT has its broader impact in fostering a new direction in mobile security research and education as well as increasing society’s adoption of mobile technology in security-sensitive scenarios.
Funding
Related Publications
- Hyungjoon Koo, Yaohui Chen, Long Lu, Vasileios Kemerlis, Michalis Polychronakis. “Compiler-assisted Code Randomization and Hardening”. 39th IEEE Symposium on Security and Privacy (S&P/Oakland’18), 2018. DOI:10.1109/SP.2018.00029
- Yaohui Chen, Dongliang Mu, Jun Xu, Wenguo Shen, Xinyu Xing, Long Lu. “PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary”. The 14th ACM Asia Conference on Computer and Communications Security, 2019. DOI:10.1145/3321705.3329828
- Yaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang, Xinming Ou. “InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android”. 2018 Network and Distributed System Security Symposium (NDSS’18), 2018.