UBC Theses and Dissertations
Cross-device access control with Trusted Capsules
Mehrotra, Puneet
Abstract
Users desire control over their data even as they share them across device boundaries. At the moment, they rely on ad-hoc solutions such as sending self-destructing data with ephemeral messaging apps such as SnapChat. We present Trusted Capsules, a general cross-device access control abstraction for files. It bundles sensitive files with the policies that govern their accesses into units we call capsules. Capsules appear as regular files in the system. When an app opens one, its policy is executed in ARM TrustZone, a hardware-based trusted execution environment, to determine if access should be allowed or denied. As Trusted Capsules is based on a pragmatic threat model, it works with unmodified apps that users have come to rely on, unlike existing work. We show that policies in Trusted Capsules are expressible and that the slowdowns in our approach are limited to the opening and closing of capsules. Once an app opens a capsule, its read throughput of the file is identical to that of regular non-capsule files.
Item Metadata
Title | Cross-device access control with Trusted Capsules
Creator | Mehrotra, Puneet
Publisher | University of British Columbia
Date Issued | 2019
Description | (identical to the Abstract above)
Language | eng
Date Available | 2019-10-18
Provider | Vancouver : University of British Columbia Library
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International
DOI | 10.14288/1.0384608
Degree Grantor | University of British Columbia
Graduation Date | 2019-11
Scholarly Level | Graduate
Aggregated Source Repository | DSpace