32 research outputs found
Privaros: A Framework for Privacy-Compliant Delivery Drones
We present Privaros, a framework to enforce privacy policies on drones.
Privaros is designed for commercial delivery drones, such as the ones that will
likely be used by Amazon Prime Air. Such drones visit a number of host
airspaces, each of which may have different privacy requirements. Privaros
provides an information flow control framework to enforce the policies of these
hosts on the guest delivery drones. The mechanisms in Privaros are built on top
of ROS, a middleware popular in many drone platforms. This paper presents the
design and implementation of these mechanisms, describes how policies are
specified, and shows that Privaros's policy specification can be integrated
with India's Digital Sky portal. Our evaluation shows that a drone running
Privaros can robustly enforce various privacy policies specified by hosts, and
that its core mechanisms only marginally increase communication latency and
power consumption
MobiSys 2016
The 14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2016) spanned a range of themes and domains, from smart environments to security and privacy. The highlights presented here cover the keynotes, paper sessions, and first Asian Students Symposium on Emerging Technologies
Hardware-Assisted Security Mechanisms On Arm-Based Multi-Core Processors
During the last decade, Trusted Execution Environment (TEE) provided by ARM TrustZone had become one of the most popular techniques to build security on mobile devices. On a TrustZone-enabled system, the software can execute in either Secure World (trusted) and Normal World (untrusted). Meanwhile, along with the expeditious development of TrustZone technology, the security of TEE is also challenged by dealing with more and more on-board hardware and in-TEE applications. In this dissertation, we explicitly study the security of ARM TrustZone technology with the latest ARM architecture in three aspects. First, we study the security of the TrustZone-assisted asynchronous introspection. Previously, asynchronous introspection mechanisms have been developed in the secure world to detect security policy violations in the normal world. However, we identify a new normal-world evasion attack that can defeat the asynchronous introspection by removing the attacking traces in parallel from one core when the secure-world checking is performing on another core. As the countermeasure, we propose a trustworthy asynchronous introspection mechanism called SATIN, which can effectively prevent evasion attacks with a minor system overhead by increasing the attackers\u27 evasion time cost and decreasing the defender\u27s inspecting time. Second, we design an ARM TrustZone-assisted connectivity mechanism, called TZNIC, to enable the secure world\u27s access to network even at the presence of a malicious OS. TZNIC deploys two NIC drivers, one secure-world driver, and one normal-world driver, that multiplex one physical NIC. We utilize the ARM TrustZone high-privilege to protect the secure-world driver, and further resolve several challenges about sharing one set of hardware peripheral between two isolated software environments. The evaluation shows that TZNIC can provide a reliable network channel for the secure world. Third, we investigate the memory-safety of secure-world trusted applications. Though the existing TrustZone hardware focuses on protecting the application\u27s confidentiality and integrity from malicious accesses of the normal world, there is little the secure world can do when the inside applications contain vulnerabilities and further get exploited by the normal world. To enhance the security of the secure-world application, we propose RusTEE, a TrustZone-based SDK that enables the development of trusted applications in the memory-safe programming language Rust. RusTEE can utilize the built-in security checks of Rust to mitigate all memory-corruption vulnerabilities for trusted applications. Besides, we enhance the trusted application\u27s security by enforcing the memory-safety on its invocations of system-service APIs and cross-world communication channels
DASICS: Enhancing Memory Protection with Dynamic Compartmentalization
In the existing software development ecosystem, security issues introduced by
third-party code cannot be overlooked. Among these security concerns, memory
access vulnerabilities stand out prominently, leading to risks such as the
theft or tampering of sensitive data. To address this issue, software-based
defense mechanisms have been established at the programming language, compiler,
and operating system levels. However, as a trade-off, these mechanisms
significantly reduce software execution efficiency. Hardware-software co-design
approaches have sought to either construct entirely isolated trusted execution
environments or attempt to partition security domains within the same address
space. While such approaches enhance efficiency compared to pure software
methods, they also encounter challenges related to granularity of protection,
performance overhead, and portability. In response to these challenges, we
present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure
processor design, which offers dynamic and flexible security protection across
multiple privilege levels, addressing data flow protection, control flow
protection, and secure system calls. We have implemented hardware FPGA
prototypes and software QEMU simulator prototypes based on DASICS, along with
necessary modifications to system software for adaptability. We illustrate the
protective mechanisms and effectiveness of DASICS with two practical examples
and provide potential real-world use cases where DASICS could be applied.Comment: 16 pages, 6 figure