Modern protection abstractions for modern OSes
Data storage abstractions in OSes have evolved enormously. While traditional OSes used to provide fairly low-level abstractions — files and directories — modern OSes, including Android, iOS, OSX, and recent Windows, embed much higher-level abstractions, such as relational databases or object-relational models. Despite the change in abstraction, many crucial protection systems, such as encryption or deniable systems, still operate at the old file level, which often renders them ineffective. We are investigating new data protection abstractions that are more suitable for modern operating systems, including a new logical data object abstraction, which corresponds directly to user-level objects, such as emails, documents, or pictures. Thus far, we've investigated two end-of-spectrum approaches for implementing logical data objects: (1) expose a new APIs to app programmers (CleanOS system, described in an OSDI 2012 paper) and (2) recognize objects automatically by leveraging structural information from modern storage abstractions (Pebbles system, described in an OSDI 2014 paper).
Source Code
- Our fine-grained version of the TaintDroid mobile taint tracking system is available open-source on Github.
- Pebbles source code is available upon request.
- CleanOS source code is available upon request.