Matching Items (2)
Description
Compartmentalizing access to content, be it websites accessed in a browser or documents and applications accessed outside the browser, is an established method for protecting information integrity [12, 19, 21, 60]. Compartmentalization solutions change the user experience, introduce performance overhead and provide varying degrees of security. Striking a balance between usability and security is not an easy task. If the usability aspects are neglected or sacrificed in favor of more security, the resulting solution would have a hard time being adopted by end-users. The usability is affected by factors including (1) the generality of the solution in supporting various applications, (2) the type of changes required, (3) the performance overhead introduced by the solution, and (4) how much the user experience is preserved. The security is affected by factors including (1) the attack surface of the compartmentalization mechanism, and (2) the security decisions offloaded to the user. This dissertation evaluates existing solutions based on the above factors and presents two novel compartmentalization solutions that are arguably more practical than their existing counterparts.
The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files for opening and launching it in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user’s intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers.
The second solution called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser’s network access. Auto-FBI can be ported to other platforms easily due to simple design and the ubiquity of system call interposition methods on all major desktop platforms.
The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files for opening and launching it in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user’s intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers.
The second solution called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser’s network access. Auto-FBI can be ported to other platforms easily due to simple design and the ubiquity of system call interposition methods on all major desktop platforms.
ContributorsZohrevandi, Mohsen (Author) / Bazzi, Rida A (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Doupe, Adam (Committee member) / Zhao, Ming (Committee member) / Arizona State University (Publisher)
Created2018
Description
Undergraduate Student Government Downtown (USGD) is the student advocacy organization on Arizona State University’s Downtown Phoenix campus. Its primary purpose is to appoint representatives, known as senators, to represent students in a specific ASU college and meet with university officials to discuss student needs. Senators compartmentalize their roles in various ways and do not always adhere to the expectations of their role outside of USGD meetings. This research study sought to examine how members of USGD compartmentalized their roles as student leaders. It also sought to examine the degree of separation senators placed between what they view to be their authentic selves versus the self-aspects they associate exclusively with USGD duties. The research determined compartmentalization of roles differed between levels of authority within USGD. Senators who had no other roles within the organization found it easy to remove themselves from the role after their USGD duties were completed for the day. Senior members of the organization, those who held higher positions of authority within the organization, found it less likely for them to separate their personalities from their roles. It also examined USGD’s continued use of highly structured meetings via the use of Robert’s Rules of Order. While they can provide structure in large group settings, when overused these rules cause the organization to suffer from a lack of information exchange and the ability to freely engage in debate. Robert’s Rules of Order act as a gatekeeper, making meeting language inaccessible to student constituents which leads to low amounts of constituent engagement.
ContributorsFishkind, Annaleez Gomez (Author) / Maday, Renee (Thesis director) / Gneiting, Gary (Committee member) / College of Integrative Sciences and Arts (Contributor) / Watts College of Public Service & Community Solut (Contributor) / Barrett, The Honors College (Contributor)
Created2019-12