Show simple item record

dc.contributor.advisorLee, Wenke
dc.contributor.advisorKim, Taesoo
dc.contributor.authorJang, Yeong Jin
dc.date.accessioned2017-08-17T19:01:28Z
dc.date.available2017-08-17T19:01:28Z
dc.date.created2017-08
dc.date.issued2017-07-26
dc.date.submittedAugust 2017
dc.identifier.urihttp://hdl.handle.net/1853/58732
dc.description.abstractUser input plays an essential role in computer security because it can control system behavior and make security decisions in the system. System output to users, or user output, is also important because it often contains security-critical information that must be protected regarding its integrity and confidentiality, such as passwords and user’s private data. Despite the importance of user input and output (I/O), modern computer systems often fail to provide necessary security guarantees on them, which could result in serious security breaches. This dissertation aims to build trust in the user I/O in computer systems to keep the systems secure from attacks on the user I/O. To this end, we analyze the user I/O paths on popular platforms including desktop operating systems, mobile operating systems, and trusted execution environments such as Intel SGX, and identified that threats and attacks on the user I/O can be blocked by guaranteeing three key security properties of user I/O: integrity, confidentiality, and authenticity. First, GYRUS addresses the integrity of user input by matching the user’s original input with the content of outgoing network traffic to authorize user-intended network transactions. Second, M-AEGIS addresses the confidentiality of user I/O by implementing an encryption layer on top of user interface layer that provides user-to-user encryption. Third, the A11Y ATTACK addresses the importance of verifying user I/O authenticity by demonstrating twelve new attacks. Finally, to establish trust in the user I/O in a commodity computer system, I built a system called SGX-USB, which combines all three security properties to ensure the assurance of user I/O. The implemented system supports common user input devices such as a keyboard and a mouse over the trusted channel. Having assurance in user I/O allows the computer system to securely handle commands and data from the user by eliminating attack pathways to a system’s I/O paths.
dc.format.mimetypeapplication/pdf
dc.language.isoen_US
dc.publisherGeorgia Institute of Technology
dc.subjectSecurity
dc.subjectI/O
dc.titleBuilding trust in the user I/O in computer systems
dc.typeDissertation
dc.description.degreePh.D.
dc.contributor.departmentComputer Science
thesis.degree.levelDoctoral
dc.contributor.committeeMemberAhamad, Mustaque
dc.contributor.committeeMemberLi, Kang
dc.contributor.committeeMemberKim, Yongdae
dc.date.updated2017-08-17T19:01:28Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record