Grants and Contributions:

Back to search

Title:

Data security through trusted execution and comprehensive analysis framework

Agreement Number:

RGPIN

Agreement Value:

$115,000.00

Agreement Date:

May 10, 2017 -

Organization:

Natural Sciences and Engineering Research Council of Canada

Location:

Quebec, CA

Reference Number:

GC-2017-Q1-02231

Agreement Type:

Grant

Report Type:

Grants and Contributions

Additional Information:

Grant or Award spanning more than one fiscal year. (2017-2018 to 2022-2023)

Recipient's Legal Name:

Mannan, Mohammad (Concordia University)

Program:

Discovery Grants Program - Individual

Program Purpose:

In this proposal, I primarily target two complementary long-term objectives. (1) I will develop next generation data security mechanisms by leveraging existing and new hardware-based trusted computing features (e.g., trusted execution modes of modern CPUs, and security primitives implemented in chipsets, firmware, dedicated security chips) in three environments: laptops and client-end PCs, servers, and mobile devices. (2) I will develop new systematic and comprehensive security analysis frameworks for improved characterization of security failures due to implementation bugs and design flaws in real-world, complex software systems. I will also use trusted computing technologies to address security issues uncovered by such analysis frameworks.

Trusted computing technologies are largely under-utilized in current security solutions. Although such techniques are not new, and several academic proposals also exist, I believe real-world adoption is low due to many proposals being too narrow, i.e., solving only part of a complex problem, and processing secure user input and output is difficult. I will design more complete solutions, and present several target problems that have not been explored yet, specifically, problems that are too expensive or cumbersome to solve only through cryptographic/systems means. On the other hand, mechanisms for security analysis are in many cases adhoc, i.e., applicable to a certain piece of software or vulnerability. My goal is to develop frameworks that will be reusable (i.e., used for different software systems), and frameworks that can provide clear directions to improve security for system designers and product developers. I believe such frameworks and software tools (which I will open-source) will help researchers and developers to evaluate their intended systems more frequently, and more systematically.

The long-term vision of this proposal will be materialized through several short-term, concrete projects. I will explore security-critical applications (apps) in multiple platforms (desktops, servers, and mobile devices), including: protecting data against ransomware attacks; securely deleting data for device repurposing, and mitigating theft/coercion; securing in-memory confidential data against memory-extraction attacks; analyzing TLS implementations, and measuring real-world TLS interception; analyzing evasive malware, and consumer/enterprise applications. The target problems are broad, affecting many high-impact practical systems, and difficult to solve with current approaches. Overall, the use of trusted computing in the design of verifiable solutions, and being able to validate real-world systems through comprehensive security frameworks will increase trust for everyday/enterprise users, and encourage researchers to leverage trusted computing and rigorous analysis techniques from this proposal.