Breaking boundaries: analysis of the interfaces between applications, systems and enclaves

Aldoseri, Abdulla ORCID: 0000-0002-4959-6832 (2023). Breaking boundaries: analysis of the interfaces between applications, systems and enclaves. University of Birmingham. Ph.D.

Preview

Aldoseri2023PhD_Redacted.pdf
Text - Redacted Version
Available under License All rights reserved.
Download (4MB) | Preview

Abstract

Application interfaces allow apps to communicate with each other or use resources. Several platforms, namely: browser, mobile and computer, offer various instances of these interfaces at different architecture levels. The interfaces range from simply sending and receiving data to accessing hardware resources. Due to the increase in introducing services across several platforms, there has been limited research on the impact of interference between services and interfaces. Additionally, platforms provide permissions and policies that serve as an authorisation layer to counter the rising security issues of these interfaces. In this thesis, we aim to tackle this issue and contribute to this research area by analysing a subset of these interfaces, addressing their common weaknesses in their respective platform, and assessing their attack surface. In the first part of the thesis, we study and evaluate interfaces for the browser platform: local schemes in mobile browsers and hardware application programming interfaces (APIs) in desktop browsers. Our study demonstrates several security issues within these interfaces, ranging from spoofing to privilege escalation. As a result, introducing components like new input methods, output methods, internal processes, and different contexts is crucial in affecting interface security. In the second part, we move to the mobile platform. We analyse the security of the mobile app interfaces. We consider new services like background restriction policy and multi-user profile features that interfere with mobile interfaces. Our study demonstrates threats that bypass the proposed security models of these services. We find that evaluating new services and understanding their correlation with existing interfaces is essential to introduce them to a platform. Finally, in the third part of the thesis, we focus on analysing the trusted execution environment (TEE) platform. Previous studies show substantial efforts to ensure secure, trusted shielding runtime. However, its attack surface is not generally understood. Therefore, we evaluate the security of enclave interfaces and their TEE applications, namely remote attestation. We present a side-channel attack in the intel SGX enclave that leaks confidential data and demonstrate weaknesses in the design of hardware-based remote attestation protocols: Samsung Knox V2 and Key attestation. We conclude that the area of interface security is vast. Platforms regularly introduce components like input methods, output methods, internal services and different contexts. Introducing these components to the platforms increases its attack surface. Furthermore, these components shape a complex factor in evaluating these interfaces. Platform developers should be aware of such an issue, and new methods need to be proposed to assess the attack surfaces of these interfaces.

Type of Work:

Thesis (Doctorates > Ph.D.)

Award Type:

Doctorates > Ph.D.

Supervisor(s):