The security architecture of consumer operating systems is currently undergoing a fundamental change. In platforms such as Android, iOS, and Windows 8, each application is a separate security principal that can own data. While this distinction is a vast improvement over traditional user-focused security architectures, sharing data between applications results in an unexpected loss of control of that data, potentially exposing security and privacy sensitive information. This research improves the security of these modern consumer operating systems by providing a holistic view of data protection. In particular, this work proposes a new operating system abstraction for transparently tracking and controlling access to all data, allowing policy to determine if a reader is given the true value, a fake or modified value, or no value at all. To efficiently and practically accomplish this goal, this work combines several existing and new techniques to track and control access to data. The new abstraction provided by this work not only solves a significant problem affecting modern consumer operating systems by enabling applications to retain pervasive control over their data, but also more broadly provides a new abstraction on which a variety of new security solutions can be built.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Application #
1253346
Program Officer
Nina Amla
Project Start
Project End
Budget Start
2013-02-01
Budget End
2019-01-31
Support Year
Fiscal Year
2012
Total Cost
$400,000
Indirect Cost
Name
North Carolina State University Raleigh
Department
Type
DUNS #
City
Raleigh
State
NC
Country
United States
Zip Code
27695