UC Irvine

Mobile devices, such as smartphones and tablets, have a critical role in our everyday life. We use our mobile devices for various personal and professional tasks. Unfortunately, numerous bugs and vulnerabilities have been found in them. As a result, there are important concerns regarding the security and privacy of these devices. Compared to conventional personal computers, mobile devices have unique features such as a different processor family (e.g. ARM), different operating systems (e.g. Android), and a diverse set of I/O devices. These features raise unique challenges in securing them.

We pursued a comprehensive approach in three directions towards addressing the challenges of building secure mobile devices. In the first direction, we proposed Charm, a system solution to improve software analysis and bug/vulnerability discovery in mobile devices. In the second direction, we provided mitigations for existing bugs/vulnerabilities via implementing two security extensions, bowknots, which provide undo workaround for kernel bugs, and MegaMind, which provides an extensibility platform for security and privacy of voice assistants. Finally, we introduced a split-trust machine model, which uses physical isolation to prevent bugs from making security-critical applications vulnerable.