We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
PROTECTING SENSOR DATA FROM MALWARE ATTACKS.
- Authors
Edwards, Jonathan; Grewal, Ken; LeMay, Michael; Robinson, Scott H.; Sahita, Ravi; Woodward, Carl
- Abstract
A connected, intelligent world is being forged where data from sensors is used to make decisions, take actions, and deliver compelling user experiences. The effects are seen across industry, enterprises, and consumers: keyboards, microphones, and video cameras are firmly entrenched in many applications. Natural human-computer interfaces (such as speech and gesture), authentication, and context-aware computing (such as digital personal assistants) are emerging usages that involve always-on, always-sensing platforms that observe both users and their environments. Sensors include touch, fingerprint, location, audio, imaging, and accelerometers, which are either directly connected to devices or available over wireless interfaces, such as Bluetooth.* These sensor-driven usages and underlying sensor capabilities attract attacks that threaten the connected world's privacy and security. Keyloggers capture financial data and passwords, other malware activates microphones and cameras to spy on unwitting users, and cloud services may leak uploaded private data due to vulnerabilities or use and distribute it in undesirable ways. Unmitigated, these threats negatively affect the reliability and trustworthiness of new services and devices relying on the sensor data. Some environments even require a baseline level of trustworthiness that may be unattainable without added protections, such as laptops or phones with integrated cameras used in secure or restricted areas. To help mitigate these threats, we describe an architecture using Intel® Virtualization Technology (Intel® VT-x, Intel® VT-d) to provide access controls for sensor data and software that operates within different operating systems. New instructions extending Intel® VT (VMFUNC and #VE) provide introspection capabilities beyond the classical virtualization models. In this article, we describe how we can use these Intel® 64 and IA-32 architecture primitives to protect sensor data flow as the data enters host memory and as it traverses through a partially trusted OS stack to various authorized local or cloud applications. The architecture can attach platform integrity information to the sensor data, while minimizing the trusted computing base (TCB) for software components involved in the data touch points. These capabilities can be extended from the platform to the cloud infrastructure to provide end-toend access control for sensor data, providing the automatic security controls over the data, hence preserving the user experience for application interactions.
- Subjects
DATA management; MALWARE prevention; COMPUTER crime prevention; COMPUTER security software; COMPUTER security management
- Publication
Intel Technology Journal, 2014, Vol 18, Issue 4, p178
- ISSN
1535-864X
- Publication type
Article