TY - GEN
T1 - Smart and secure
T2 - 7th ACM SIGOPS Asia-Pacific Workshop on Systems, APSys 2016
AU - Lee, Seung Seob
AU - Shi, Hang
AU - Tan, Kun
AU - Liu, Yunxin
AU - Lee, Su Kyoung
AU - Cui, Yong
N1 - Publisher Copyright:
© 2016 ACM.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 2016/8/4
Y1 - 2016/8/4
N2 - Recently, wireless home routers increasingly become smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Since a smart home router may process and store personal data for users, once compromised, these sensitive information will be exposed. Unfortunately, current operating systems on home routers are far from secure. As a consequence, users are facing a difficult tradeoff between functionality and privacy risks. This paper attacks this dilemma with a novel SEAL architecture for home routers. SEAL leverages the ARM TrustZone technology to divide a conventional router OS (i.e., Linux) in a non-secure/normal world. All sensitive user data are shielded from the normal world using encryption. Modules (called applets) that process the sensitive data are located in a secure world and confined in secure sandboxes provided by a tiny secure OS. We report the system design of SEAL and our preliminary implementation and evaluation results.
AB - Recently, wireless home routers increasingly become smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Since a smart home router may process and store personal data for users, once compromised, these sensitive information will be exposed. Unfortunately, current operating systems on home routers are far from secure. As a consequence, users are facing a difficult tradeoff between functionality and privacy risks. This paper attacks this dilemma with a novel SEAL architecture for home routers. SEAL leverages the ARM TrustZone technology to divide a conventional router OS (i.e., Linux) in a non-secure/normal world. All sensitive user data are shielded from the normal world using encryption. Modules (called applets) that process the sensitive data are located in a secure world and confined in secure sandboxes provided by a tiny secure OS. We report the system design of SEAL and our preliminary implementation and evaluation results.
UR - http://www.scopus.com/inward/record.url?scp=84986630285&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84986630285&partnerID=8YFLogxK
U2 - 10.1145/2967360.2967380
DO - 10.1145/2967360.2967380
M3 - Conference contribution
AN - SCOPUS:84986630285
T3 - Proceedings of the 7th ACM SIGOPS Asia-Pacific Workshop on Systems, APSys 2016
BT - Proceedings of the 7th ACM SIGOPS Asia-Pacific Workshop on Systems, APSys 2016
PB - Association for Computing Machinery, Inc
Y2 - 4 August 2016 through 5 August 2016
ER -