PhD Defense by Yeongjin Jang

Event Details
  • Date/Time:
    • Monday July 24, 2017
      9:00 am - 11:00 am
  • Location: Klaus 3126
  • Phone:
  • URL:
  • Email:
  • Fee(s):
    N/A
  • Extras:
Contact
No contact information submitted.
Summaries

Summary Sentence: Building Trust in the User I/O in Computer Systems

Full Summary: No summary paragraph submitted.

Title: Building Trust in the User I/O in Computer Systems

 

 

Yeongjin Jang

Ph.D. Candidate

School of Computer Science

College of Computing

Georgia Institute of Technology

 

Date: Monday, July 24, 2017

Time: 9AM - 11AM (EDT)

Location: Klaus 3126

 

Committee:

--------------------

 

Dr. Wenke Lee (Advisor), School of Computer Science, Georgia Institute of Technology

Dr. Taesoo Kim (co-advisor), School of Computer Science, Georgia Institute of Technology

Dr. Mustaque Ahamad, School of Computer Science, Georgia Institute of Technology

Dr. Kang Li, School of Computer Science, University of Georgia

Dr. Yongdae Kim, School of Electrical Engineering, KAIST

 

Abstract

--------------------

 

User input plays an essential role in computer security because it can

control system behavior and make security decisions in the system.

System output to users, or user output, is also important because it

often contains security-critical information that must be protected

regarding its integrity and confidentiality, such as passwords and

user’s private data. Despite the importance of user input and output (I/O),

modern computer systems often fail to provide necessary security guarantees

on them, which could result in serious security breaches.

 

This dissertation aims to build trust in the user I/O in computer systems

to keep the systems secure from attacks on the user I/O. To this end,

we analyze the user I/O paths on popular platforms including desktop

operating systems, mobile operating systems, and trusted execution

environments such as Intel SGX, and identified that threats and attacks on

the user I/O can be blocked by guaranteeing three key security properties

of user I/O: integrity, confidentiality, and authenticity.

 

First, Gyrus addresses the integrity of user input by matching the user’s

original input with the content of outgoing network traffic to authorize

user-intended network transactions. Second, M-Aegis addresses the

confidentiality of user I/O by implementing an encryption layer on top of

user interface layer that provides user-to-user encryption. Third, the

A11y Attack addresses the importance of verifying user I/O authenticity by

demonstrating twelve new attacks, all of which stem from missing proper

security checks that verify input sources and output destinations on

alternative user I/O paths in operating systems.

 

Finally, to establish trust in the user I/O in a commodity computer system,

I built a system called SGX-USB, which combines all three security properties

to ensure the assurance of user I/O. SGX-USB establishes a trusted

communication channel between the USB controller and an enclave instance of

Intel SGX. The implemented system supports common user input devices such as

a keyboard and a mouse over the trusted channel, which guarantees the

assurance of user input. Having assurance in user I/O allows the computer

system to securely handle commands and data from the user by eliminating

attack pathways to a system’s I/O paths.

 

Additional Information

In Campus Calendar
No
Groups

Graduate Studies

Invited Audience
Faculty/Staff, Public, Undergraduate students
Categories
Other/Miscellaneous
Keywords
Phd Defense
Status
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Jul 21, 2017 - 8:52am
  • Last Updated: Jul 21, 2017 - 8:52am