Name: Saeed Mirzamohammadi
Chair: Ardalan Amiri Sani
Date: May 21, 2020
Time: 3pm
Location: Zoom
Committee: Ardalan Amiri Sani, Sharad Mehrotra, Gene Tsudik, Sharad Agarwal (MSR)
Title: Security Monitor for Mobile Devices: Design and Applications
Abstract:
Android’s underlying Linux kernel is rapidly becoming a more attractive target for attackers. In 2014, the number of reported bugs in the kernel is 4 percent of the overall bugs discovered in Android. This number has been drastically increased to 9 and 44 percent in 2015 and 2016, respectively. An attacker uses these kernel bugs to get kernel privilege and gain complete control of the mobile device.
In this talk, we present the Security Monitor, a small, trustworthy, and extensible software that provides different security services, with a small Trusted Computing Base (TCB). Security Monitor is designed and built based on two ARM hardware features: virtualization hardware and ARM TrustZone. The security services within the Security Monitor enforce certain privacy and security guarantees for the system. We demonstrate three end-to-end systems that leverage the Security Monitor to provide different security services. First, we present Viola that provides trustworthy sensor notifications using low-level checks in the Security Monitor. Second, we present Ditio that provides trustworthy auditing of sensor activities by recording the sensor activities in the Security Monitor. Third, we present Tabellion that provides the secure formation of electronic contracts by designing secure primitives in the Security Monitor.