Principled Flow Tracking in IoT and Low-Level Applications
Doctoral thesis, 2022
Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feed from social networks, or bank details.
In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.
We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.
While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.
In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.
We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system. Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements.
In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.
We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.
While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.
In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.
We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system. Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements.
WebAssembly apps
automatic labeling
IoT apps
enforcement granularity
design principles
information-flow control
language-based security
HA4, Hörsalar HA, Hörsalsvägen 4 | Registration for attendance on site: https://doodle.com/poll/6keunikidsycdfps
Opponent: Limin Jia, Carnegie Mellon University, USA
Author
Iulia Bastys
Chalmers, Computer Science and Engineering (Chalmers), Information Security
Clockwork: Tracking Remote Timing Attacks
Proceedings - IEEE Computer Security Foundations Symposium,; Vol. 2020-June(2020)p. 350-365
Paper in proceeding
Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 11252 LNCS(2018)p. 19-37
Paper in proceeding
Prudent Design Principles for Information Flow Control
Proceedings of the ACM Conference on Computer and Communications Security,; (2018)p. 17-23
Paper in proceeding
If This Then What? Controlling Flows in IoT Apps
Proceedings of the ACM Conference on Computer and Communications Security,; (2018)p. 1102-1119
Paper in proceeding
Automatic Annotation of Confidential Data in Java Code
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 13291(2022)p. 146-161
Paper in proceeding
Type systems for information flow control: the question of granularity
ACM SIGLOG News,; Vol. 4(2017)p. 6-21
Magazine article
Securing IoT and Low-Level Applications
Whenever she parks her car, Alice receives an email with a map where the car is parked, her thermostat turns on automatically based on her proximity to home, and every photo taken with her smartphone is automatically backed up on the cloud.
Through the use of IoT and Web(Assembly) applications, users entrust different services with large amounts of private data: location, photos, private feed from social networks, browser habits, or bank details. But how do we ensure Bob does not receive the map with Alice’s car location, the photos she backs up, or that he doesn’t alter her thermostat settings?
This thesis demonstrates possible scenarios in which Bob does get stealthily access to Alice’s car location or her photos, and it provides rigorous methods with mathematical guarantees for protecting against them. These methods analyze a program at the language level and ensure that inputs to the program containing private data are not output to undesired third parties. We further build similar methods for protecting private data flowing inside low-level applications written in WebAssembly, a recent language for web programming.
To encourage the development and large-scale adoption of these methods outside the academic community, we outline rules and guidelines to assist the developer when faced with novel scenarios, and we propose a technique for automatically inferring which data is private in a program.
Whenever she parks her car, Alice receives an email with a map where the car is parked, her thermostat turns on automatically based on her proximity to home, and every photo taken with her smartphone is automatically backed up on the cloud.
Through the use of IoT and Web(Assembly) applications, users entrust different services with large amounts of private data: location, photos, private feed from social networks, browser habits, or bank details. But how do we ensure Bob does not receive the map with Alice’s car location, the photos she backs up, or that he doesn’t alter her thermostat settings?
This thesis demonstrates possible scenarios in which Bob does get stealthily access to Alice’s car location or her photos, and it provides rigorous methods with mathematical guarantees for protecting against them. These methods analyze a program at the language level and ensure that inputs to the program containing private data are not output to undesired third parties. We further build similar methods for protecting private data flowing inside low-level applications written in WebAssembly, a recent language for web programming.
To encourage the development and large-scale adoption of these methods outside the academic community, we outline rules and guidelines to assist the developer when faced with novel scenarios, and we propose a technique for automatically inferring which data is private in a program.
Subject Categories
Computer and Information Science
ISBN
978-91-7905-613-1
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5079
Publisher
Chalmers
HA4, Hörsalar HA, Hörsalsvägen 4 | Registration for attendance on site: https://doodle.com/poll/6keunikidsycdfps
Opponent: Limin Jia, Carnegie Mellon University, USA