How to Compose Security Protection for Third-Party Applications: RESEARCH AREA 5.Computer Sciences, 5.3/5.3.2

Abstract

The project will explore the research topic of secure composition and establish theoretic and technical foundations to facilitate secure compositions on mobile systems. The proposed projects has three main tasks: l)To understanding of the gap in security composition of mobile system. PI will investigate the security gap by thoroughly analyzing over 1.2 million apps to understand the disconnection of security measures between the mobile platform OS and the various software running on it. 2)To create and validate an extensible, mobile-specific security model that enables composable security on mobile systems PI plans to develop a new security model to support the necessary coordination among the three stake-holders on mobile systems, including QS developers, application developers, and end users. The new security model will capture the dynamic, decentralized nature of the mobile system. The new model will also support different types of isolation to protect system resources. This new model will be enforced through enhancing the existing SEAndroid framework, providing supports for both mandatory and discretionary security protection. 3)To validate the security model for mobile application development PI will create a policy language to enable the developer to specify the security goal and check the feasibility of achieving the security goal. Security validation will be performed on various mobile platforms.

Document Details

Document Type

DoD Grant Award

Publication Date

Jan 12, 2017

Source ID

W911NF1610127

Entities

Tags