Enabling Secure and Trustworthy Compartments in Mobile Applications
Society’s dependence on mobile technologies rapidly increases as we entrust mobile applications with more and more private information and capabilities. Existing security research follows a common threat model that treats apps as monolithic entities and only captures attack surface between apps. However, recent research reveals that app internal attacks are emerging quickly as complex entities with conflicting interests are commonly included inside a single app to allow for rich features and fast development.
This project, known as STRUCT, systematically investigates app compartmentalization as a novel and general approach to mitigating the critical yet unaddressed internal threats of apps. It applies this approach to major mobile platforms via solving four challenging and interesting research problems: (1) Deriving principles and models for designing intra-app security mechanisms; (2) Building compiler toolchains for automatically and securely compartmentalizing apps; (3) Building system-level enforcement mechanisms for open platforms; (4) Building app-level system-agnostic enforcement mechanisms for closed platforms. Solutions to these challenges together form a foundation to the design and implementation of intra-app security isolation and policy enforcement, which is currently nonexistent but in high demand.
STRUCT has its broader impact in fostering a new direction in mobile security research and education as well as increasing society’s adoption of mobile technology in security-sensitive scenarios.