CREATING TRUSTED SYSTEMS IN UNTRUSTED ENVIRONMENTS

Abstract

This dissertation illustrates how to improve the security and privacy of user data in modern Internet services. Three specific domains are examined: client-side IoT deployments, server-side application stacks, and middlebox acceleration proxies for HTTPS traffic. The dissertation highlights each domain's unique challenges, and proposes three distinct platforms for safeguarding user data: Deadbolt, Riverbed, and Oblique. Deadbolt makes IoT deployments more secure, quarantining IoT devices unless those devices are running up-to-date software or are protected by security middleware that interposes on the devices' network traffic. Riverbed leverages information flow control and a simple policy language to enforce user-defined privacy policies in legacy applications. Oblique uses symbolic execution to allow third-party analysis of HTTPS web content without revealing concrete values associated with sensitive user data like cookies.