Using Inputs and Context to Verify User Intentions in Internet Services

An open security problem is how a server can tell whether a request submitted by a client is legitimately intended by the user or fakes by malware that has infected the user's system. This paper proposes Attested Intentions (AINT), to ensure user intention is properly translated to service requests. AINT uses a trusted hypervisor to record user inputs and context, and uses an Intel SGX enclave to continuously verify that the context, where user interaction occurs, has not been tampered with. After verification, AINT also uses SGX enclave for execution protection to generate the service request using the inputs collected by the hypervisor. To address privacy concerns over the recording of user inputs and context, AINT performs all verification on the client device, so that recorded data is never transmitted to a remote party.

[1]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  Somesh Jha,et al.  The design and implementation of microdrivers , 2008, ASPLOS.

[3]  Radu Sion,et al.  SoK: Introspections on Trust and the Semantic Gap , 2014, 2014 IEEE Symposium on Security and Privacy.

[4]  Randy H. Katz,et al.  BINDER: An Extrusion-Based Break-In Detector for Personal Computers , 2005, USENIX Annual Technical Conference, General Track.

[5]  Min Wu,et al.  Robust and secure image hashing , 2006, IEEE Transactions on Information Forensics and Security.

[6]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[7]  Junfeng Yang,et al.  An empirical study of operating systems errors , 2001, SOSP.

[8]  Yanick Fratantonio,et al.  ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android , 2018, CCS.

[9]  Wenke Lee,et al.  Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications , 2014, NDSS.

[10]  Helen J. Wang,et al.  Clickjacking: Attacks and Defenses , 2012, USENIX Security Symposium.

[11]  Ananthram Swami,et al.  Practical Black-Box Attacks against Machine Learning , 2016, AsiaCCS.

[12]  David Lie,et al.  Glimmers: Resolving the Privacy/Trust Quagmire , 2017, HotOS.

[13]  Yanick Fratantonio,et al.  Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[14]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[15]  Yubin Xia,et al.  VButton: Practical Attestation of User-driven Operations in Mobile Apps , 2018, MobiSys.

[16]  Subhas C. Misra,et al.  Relationships Between Selected Software Measures and Latent Bug-Density: Guidelines for Improving Quality , 2003, ICCSA.

[17]  Yuewu Wang,et al.  TrustICE: Hardware-Assisted Isolated Computing Environments on Mobile Devices , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[18]  Miao Yu,et al.  Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/O , 2014, 2014 IEEE Symposium on Security and Privacy.

[19]  Dan Boneh,et al.  Fidelius: Protecting User Secrets from Compromised Browsers , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[20]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[21]  Hari Balakrishnan,et al.  Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks , 2009, NSDI.

[22]  Shigeru Chiba,et al.  BitVisor: a thin hypervisor for enforcing i/o device security , 2009, VEE '09.

[23]  James Newsome,et al.  Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework , 2013, 2013 IEEE Symposium on Security and Privacy.

[24]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[25]  Brian D. Noble,et al.  When Virtual Is Better Than Real , 2001 .

[26]  Brian D. Noble,et al.  When virtual is better than real [operating system relocation to virtual machines] , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[27]  David Lie,et al.  Hypervisor Support for Identifying Covertly Executing Binaries , 2008, USENIX Security Symposium.

[28]  Martín Abadi Trusted Computing, Trusted Third Parties, and Verified Communications , 2004, SEC.

[29]  Ramarathnam Venkatesan,et al.  Robust image hashing , 2000, Proceedings 2000 International Conference on Image Processing (Cat. No.00CH37101).

[30]  Brian N. Bershad,et al.  Improving the reliability of commodity operating systems , 2005, TOCS.