    Assurance and Control over Sensitive Data on Personal Devices

    File: Lentz_umd_0117E_21015.pdf (1.665Mb)

    Date: 2020
    Author: Lentz, Matthew
    Advisor: Bhattacharjee, Bobby
    DRUM DOI: https://doi.org/10.13016/nx2k-waen
    Abstract
    Personal smart devices provide users with powerful capabilities for communication, productivity, health, education, and entertainment. Applications often operate over sensitive data related to the user: collecting and processing input data from sensors (e.g., fingerprint scans, location updates), or rendering output data to the user (e.g., displaying financial information). This sensitive data is the target of many attacks, ranging from malicious applications to compromises of the platform software itself, which includes the operating system (OS) and privileged services. Today, users are ultimately unable to control or reason about how their sensitive data is processed, protected, or shared. In this dissertation, I argue the following thesis: Introducing an enforcement layer between hardware and platform software can enable end-to-end secure applications while giving users fine-grained control over their devices. I support this thesis through the design, implementation, and evaluation of two different instantiations of such an enforcement layer: SeCloak and AIO. SeCloak focuses on addressing a single point in the policy space for giving control back to users: on/off control of peripherals (e.g., camera, microphone). SeCloak runs as a platform-agnostic layer that provides the abstraction of secure, virtual switches that the user can reliably configure. AIO introduces a new "accountable path" abstraction that enables constructing and reasoning about the end-to-end I/O stack between application endpoints and underlying hardware devices. Accountable paths allow for more expressive policies to be enforced over the software stack, which can be used to derive various assurances over the data (e.g., confidentiality, provenance). Principals can reason about the state of the system through attestations provided by AIO over (parts of) these paths. The guarantees provided by these enforcement layers hold regardless of the correctness of the rest of the platform software (including the OS).
    URI: http://hdl.handle.net/1903/26495
    Collections:
    • Computer Science Theses and Dissertations
    • UMD Theses and Dissertations

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.