
PhD Proposal by Yeongjin Jang


Title: Building Trust in the User I/O in Computer Systems

 

Yeongjin Jang

School of Computer Science

College of Computing

Georgia Institute of Technology

 

 

Date: Monday, May 1st, 2017

Time: 12:00pm - 2:00pm

Location: Klaus 3126

 

 

Committee

--------------------

Dr. Wenke Lee (Advisor), School of Computer Science, Georgia Institute of Technology

Dr. Taesoo Kim (co-advisor), School of Computer Science, Georgia Institute of Technology

Dr. Mustaque Ahamad, School of Computer Science, Georgia Institute of Technology

 

Abstract

--------------------

User input plays an important role in computer security because it can control system behavior and make security decisions in the system. System output to users, or user output, is also important because it often contains security-critical information that must be protected in terms of integrity and confidentiality, such as passwords and user's private data. Despite the importance of user input and output (I/O), modern computer systems often fail to provide basic security guarantees on them, which has resulted in serious security breaches.

 

My dissertation research aims to build trust in the user I/O in computer systems and keep systems secure by blocking attack pathways. To this end, I analyze the user I/O path on popular platforms including desktop operating systems, mobile operating systems, and trusted execution environments such as Intel SGX, and then develop systems that guarantee three key security properties of user I/O: integrity, confidentiality, and authenticity.

 

First, Gyrus addresses the integrity of user input by matching the user's original input with the content of outgoing network traffic and authorizing user-intended network transactions. Second, M-Aegis addresses the confidentiality of user I/O by implementing an encryption layer on top of the user interface layer that provides user-to-user encryption. Third, the A11y Attack addresses the importance of verifying user I/O authenticity by demonstrating twelve new attacks, which stem from missing proper security checks to verify input sources and output destinations on alternative user I/O paths in operating systems.

 

Finally, to establish trust in user I/O, I propose a system called SGX-USB, which combines three security properties to ensure the assurance of user I/O. SGX-USB establishes a trusted communication channel between the USB controller and an enclave instance of Intel SGX. The system supports common user input devices such as a keyboard and a mouse over the trusted channel, which guarantees the assurance of user input. Having assurance in user I/O allows the computer system to securely handle commands and data from the user and eliminate attacks on I/O paths.


 

Status

  • Workflow Status: Published
  • Created By: Tatianna Richardson
  • Created: 04/26/2017
  • Modified By: Tatianna Richardson
  • Modified: 04/26/2017
