PDL Abstract

STOVE: Strict, Observable, Verifiable Data and Execution Models for Untrusted Applications

IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), 2014 (Doctoral Symposium), pp.644,649, 15-18 Dec. 2014.

Jiaqi Tan, Rajeev Gandhi, Priya Narasimhan

Carnegie Mellon University


The massive growth in mobile devices is likely to give rise to the leasing out of compute and data resources on mobile devices to third-parties to enable applications to be run across multiple mobile devices. However, users who lease their mobile devices out need to run applications from unknown thirdparties, and these untrusted applications may harm their devices or access unauthorized personal data. We propose STOVE, a data and execution model for structuring untrusted applications to be secure by construction, to achieve strict and verifiable execution isolation, and observable access control for data. STOVE uses formal logic to verify that untrusted code meets isolation properties which imply that hosts running the code cannot be harmed, and that untrusted code cannot directly access host data. STOVE performs all data accesses on behalf of untrusted code, allowing all access control decisions to be reliably performed in one place. Thus, users can run untrusted applications structured using the STOVE model on their systems, with strong guarantees, based on formal proofs, that these applications will not harm their system nor access unauthorized data.