Protecting Systems from Within: Application-Level Observation and Control Mechanisms.

Abstract

Popular software systems are used in a wide variety of settings and each user or organization that depends on a system may have requirements or needs beyond what the system is designed to provide. Many of these systems do not provide the insight into or control over the system needed to satisfy these additional requirements. In this work we show that we can address many of these challenges by augmenting existing systems with new application-level mechanisms. This approach has a number of advantages, including the flexibility to leave policy decisions up to the user, the power to enforce complex policies that depend on the data, context, and setting of the system, and the practicality to be used with existing, real-world systems. This dissertation demonstrates this philosophy applied to three different settings.

First, we empower users of Android devices to add, remove, and enforce behavior in the third-party apps they install. We present RetroSkeleton, our Android app bytecode analysis and rewriting framework, and show how it can be used to build observation and control mechanisms into Android apps. Our bytecode analysis engine enables app-agnostic policies to be applied to any app without any manual or app-specific guidance. We develop policies, including enforcement of fine-grained network access control, HTTPS-Everywhere functionality for app network activity, automatic app localization, and patching apps to protect users from vulnerabilities in the Android platform, and apply these policies to the top Android apps.

Second, we enable web service administrators to track the flow of information through their web applications and back-end databases. Our system, DBTaint, propagates fine-grained information flow tracking metadata across application boundaries and through database operations in web services automatically. Our system operates transparently to web applications and requires no changes to the database engine. We apply our system to two existing web services and demonstrate it is effective, efficient, and practical for real-world settings.

Third, we develop a system that gives mobile device users the ability to establish and present "alibis" (evidence of their past locations) while retaining control over the disclosure of their location history. We present two cryptographic schemes to facilitate the automatic, opportunistic creation of these alibis. In our designs, the identity associated with an alibi can only be revealed by the owner of that alibi, giving the user complete control over their privacy. Our schemes require no trusted third party for our privacy guarantees and we show that our schemes run efficiently on mobile devices in terms of both storage and computation requirements.

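Bibliographic record

  • Author: Davis, Benjamin G.
  • Author affiliation: University of California, Davis
  • Degree-granting institution: University of California, Davis
  • Subject: Computer science; Web studies
  • Degree: Ph.D.
  • Year: 2014
  • Pages: 110 p.
  • Total pages: 110
  • Original format: PDF
  • Language of text: eng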