SchrodinText: Strong Protection of Sensitive Textual Content of Mobile Applications. Sani, A., A. In Proceedings of the Annual International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 197-210, 6, 2017. ACM.
SchrodinText: Strong Protection of Sensitive Textual Content of Mobile Applications [link]Website  abstract   bibtex   
Many mobile applications deliver and show sensitive and private textual content to users including messages, social network posts, account information, and verification codes. All such textual content must only be displayed to the user but must be strongly protected from unauthorized access in the device. Unfortunately, this is not the case in mobile devices today: malware that can compromise the operating system, e.g., gain root or kernel privileges, can easily access textual content of other applications. In this paper, we present SchrodinText, a system solution for strongly protecting the confidentiality of application's selected UI textual content from a fully compromised operating system. SchrodinText leverages a novel security monitor based on two hardware features on modern ARM processors: virtualization hardware and TrustZone. Our key contribution is a set of novel techniques that allow the operating system to perform the text rendering without needing access to the text itself, hence minimizing the Trusted Computing Base (TCB). These techniques, collectively called oblivious rendering, enable the operating system to rasterize and lay out all the characters without access to the text; the monitor only resolves the right character glyphs onto the framebuffer observed by the user and protects them from the operating system, e.g., against DMA attacks. We present our prototype using an ARM Juno development board and Android operating system. We show that SchrodinText incurs noticeable overhead but that its performance is usable.
@inProceedings{
 title = {SchrodinText: Strong Protection of Sensitive Textual Content of Mobile Applications},
 type = {inProceedings},
 year = {2017},
 identifiers = {[object Object]},
 keywords = {mobile-platforms,security,trusted-computing,virtualization},
 pages = {197-210},
 websites = {http://dx.doi.org/10.1145/3081333.3081346},
 month = {6},
 publisher = {ACM},
 id = {8af34f98-75b8-34c7-92a6-f55d9b7ebae1},
 created = {2018-07-12T21:31:09.214Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:09.214Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {Sani:SecuringSensitiveData},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {Many mobile applications deliver and show sensitive and private textual content to users including messages, social network posts, account information, and verification codes. All such textual content must only be displayed to the user but must be strongly protected from unauthorized access in the device. Unfortunately, this is not the case in mobile devices today: malware that can compromise the operating system, e.g., gain root or kernel privileges, can easily access textual content of other applications. In this paper, we present SchrodinText, a system solution for strongly protecting the confidentiality of application's selected UI textual content from a fully compromised operating system. SchrodinText leverages a novel security monitor based on two hardware features on modern ARM processors: virtualization hardware and TrustZone. Our key contribution is a set of novel techniques that allow the operating system to perform the text rendering without needing access to the text itself, hence minimizing the Trusted Computing Base (TCB). These techniques, collectively called oblivious rendering, enable the operating system to rasterize and lay out all the characters without access to the text; the monitor only resolves the right character glyphs onto the framebuffer observed by the user and protects them from the operating system, e.g., against DMA attacks. We present our prototype using an ARM Juno development board and Android operating system. We show that SchrodinText incurs noticeable overhead but that its performance is usable.},
 bibtype = {inProceedings},
 author = {Sani, Ardalan A},
 booktitle = {Proceedings of the Annual International Conference on Mobile Systems, Applications, and Services (MobiSys)}
}

Downloads: 0