UBC Theses and Dissertations
Security through isolation for cloud and mobile Colp, Patrick
People store increasing amounts of personal data digitally, from emails to credit cards. Two prevalent places this data is stored are on cloud platforms hosted by third parties and on mobile devices, which are easily lost or stolen and which run any of millions of untrusted third-party applications. We explore security through isolation as a means to protect the sensitive data residing on cloud and mobile platforms. We carefully consider the attributes of each platform and the specifics of the attacks we are trying to protect against to select isolation mechanisms that provide the necessary security benefit without incurring an undue performance penalty. Today's cloud platforms provide isolation through virtualization boundaries, which are typically managed by a monolithic control VM. We decompose such monolithic entities to reduce the attack surface. We break apart the control VM of Xen, a mature virtualization platform, into least-privilege components. We leverage this disaggregation to restart these components frequently, reducing the time window for attacks. Today's mobile platforms provide isolation through passwords and process boundaries. However, these protection mechanisms do little once an attacker can access the physical memory directly. We encrypt sensitive data while it is in memory to prevent direct, physical access to it. We leverage cache locking to provide a safe location embedded within the system chip itself to decrypt application data as it is required. Sharing data between applications is crucial for mobile platforms and is achieved using inter-process communication (IPC). An attacker that gains control of the OS also gains access to all this shared data. We encrypt IPC using a security monitor that operates outside the OS. Leveraging previous work on strong application boundaries, we provide end-to-end encrypted IPC, preventing a compromised OS from being able to access this sensitive data. We demonstrate three systems. First, we disaggregate Xen's monolithic control VM, improving security and reducing performance by 2% or less for most benchmarks. Second, we protect sensitive data on mobile devices from physical memory attacks while preserving performance within 5% for normal Android application usage. Third, we protect all IPC on Android devices incurring no noticeable performance overhead.
Item Citations and Data
Attribution-NonCommercial-NoDerivatives 4.0 International