Guarding the Integrity of Mobile Graphical User Interfaces
NSF project SaTC#1718702 and #??? is a synergy between Purdue University and UC Irvine.
Project duration: 2017 – 2020.
Overview
This project seeks to safeguard key components in mobile/IoT software stacks, taking system security to the next level. It develops new system components for the OS, hypervisor, and trusted execution environment, as well as new methods for analyzing and testing these components.
As its initial effort, the team addressed the Graphical User Interface (GUI) of mobile applications. An attacker may tamper with the display, maliciously hiding, altering, or entirely fabricating display contents. User apps or the cloud services providing the information may be entirely unaware of the tampering. Mobile operating systems, such as Android and iOS, cannot guarantee the integrity and correctness of the app GUI content. This project is developing techniques to guarantee the integrity and correctness of security-sensitive GUI regions, to ensure that what a user sees in those regions is exactly what the app (or cloud service) intends to display.
Building on these insights and experience, the team is further investigating other key mobile and IoT scenarios, including edge data analytics, AR, and VR, as well as other attack vectors such as side channels.
Principal Investigators
- Felix Xiaozhu Lin, Purdue ECE
- Ardalan Amiri Sani, UC Irvine
Publications
“StreamBox-TZ: A Secure IoT Analytics Engine at the Edge,” Heejin Park, Shuang Zhai, Long Lu, and Felix Xiaozhu Lin, to appear at Proc. USENIX Annual Technical Conference, 2019.
“Power SandBox: Power Awareness Redefined,” Liwei Guo, Tiantu Xu, Mengwei Xu, Xuanzhe Liu, and Felix Xiaozhu Lin, (*=co-primary) in Proc. EuroSys Conference, 2018.
Software deliverables
StreamBox-TZ – Secure Stream processing with TrustZone.
Power Sandbox – Power Awareness Redefined.
Lead Unit: Purdue.