*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Building Trust in the User I/O in Computer Systems
Yeongjin Jang
Ph.D. Candidate
School of Computer Science
College of Computing
Georgia Institute of Technology
Date: Monday, July 24, 2017
Time: 9AM - 11AM (EDT)
Location: Klaus 3126
Committee:
--------------------
Dr. Wenke Lee (Advisor), School of Computer Science, Georgia Institute of Technology
Dr. Taesoo Kim (co-advisor), School of Computer Science, Georgia Institute of Technology
Dr. Mustaque Ahamad, School of Computer Science, Georgia Institute of Technology
Dr. Kang Li, School of Computer Science, University of Georgia
Dr. Yongdae Kim, School of Electrical Engineering, KAIST
Abstract
--------------------
User input plays an essential role in computer security because it can
control system behavior and make security decisions in the system.
System output to users, or user output, is also important because it
often contains security-critical information that must be protected
regarding its integrity and confidentiality, such as passwords and
user’s private data. Despite the importance of user input and output (I/O),
modern computer systems often fail to provide necessary security guarantees
on them, which could result in serious security breaches.
This dissertation aims to build trust in the user I/O in computer systems
to keep the systems secure from attacks on the user I/O. To this end,
we analyze the user I/O paths on popular platforms including desktop
operating systems, mobile operating systems, and trusted execution
environments such as Intel SGX, and identified that threats and attacks on
the user I/O can be blocked by guaranteeing three key security properties
of user I/O: integrity, confidentiality, and authenticity.
First, Gyrus addresses the integrity of user input by matching the user’s
original input with the content of outgoing network traffic to authorize
user-intended network transactions. Second, M-Aegis addresses the
confidentiality of user I/O by implementing an encryption layer on top of
user interface layer that provides user-to-user encryption. Third, the
A11y Attack addresses the importance of verifying user I/O authenticity by
demonstrating twelve new attacks, all of which stem from missing proper
security checks that verify input sources and output destinations on
alternative user I/O paths in operating systems.
Finally, to establish trust in the user I/O in a commodity computer system,
I built a system called SGX-USB, which combines all three security properties
to ensure the assurance of user I/O. SGX-USB establishes a trusted
communication channel between the USB controller and an enclave instance of
Intel SGX. The implemented system supports common user input devices such as
a keyboard and a mouse over the trusted channel, which guarantees the
assurance of user input. Having assurance in user I/O allows the computer
system to securely handle commands and data from the user by eliminating
attack pathways to a system’s I/O paths.
