SwitchMan: An Easy-to-Use Approach to Secure User Input and Output
| Title | SwitchMan: An Easy-to-Use Approach to Secure User Input and Output |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Zheng, Shengbao, Zhou, Zhenyu, Tang, Heyi, Yang, Xiaowei |
| Conference Name | 2019 IEEE Security and Privacy Workshops (SPW) |
| Date Published | May 2019 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-3508-3 |
| Keywords | application program interfaces, automatic account switching, BIOS Security, Computer architecture, computer security, human factors, I-O Systems, i-o systems security, information sharing, Input/Output Security, invasive software, Keyboards, Linux, MAC, Malware, Metrics, Operating systems, operating systems (computers), performance evaluation, personal computers, Protocols, pubcrawl, resilience, Resiliency, Scalability, secure protocol, secure user input, security, Servers, Switches, SwitchMan, usability, usability analysis, user I-O paths, user interfaces, user protected account, user regular account, user screen output, user-level APIs, user-level malware attacks |
| Abstract | Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions. |
| URL | https://ieeexplore.ieee.org/document/8844635 |
| DOI | 10.1109/SPW.2019.00029 |
| Citation Key | zheng_switchman_2019 |
- SwitchMan
- pubcrawl
- resilience
- Resiliency
- Scalability
- secure protocol
- secure user input
- security
- Servers
- Switches
- Protocols
- usability
- usability analysis
- user I-O paths
- user interfaces
- user protected account
- user regular account
- user screen output
- user-level APIs
- user-level malware attacks
- invasive software
- automatic account switching
- BIOS Security
- computer architecture
- computer security
- Human Factors
- I-O Systems
- i-o systems security
- information sharing
- Input/Output Security
- application program interfaces
- Keyboards
- Linux
- mac
- malware
- Metrics
- operating systems
- operating systems (computers)
- performance evaluation
- personal computers