SwitchMan: An Easy-to-Use Approach to Secure User Input and Output

Title: SwitchMan: An Easy-to-Use Approach to Secure User Input and Output
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Zheng, Shengbao; Zhou, Zhenyu; Tang, Heyi; Yang, Xiaowei
Conference Name: 2019 IEEE Security and Privacy Workshops (SPW)
Date Published: May 2019
ISBN Number: 978-1-7281-3508-3
Keywords: application program interfaces, automatic account switching, BIOS Security, Computer architecture, computer security, human factors, I-O Systems, i-o systems security, information sharing, Input/Output Security, invasive software, Keyboards, Linux, MAC, Malware, Metrics, Operating systems, operating systems (computers), performance evaluation, personal computers, Protocols, pubcrawl, resilience, Resiliency, Scalability, secure protocol, secure user input, security, Servers, Switches, SwitchMan, usability, usability analysis, user I-O paths, user interfaces, user protected account, user regular account, user screen output, user-level APIs, user-level malware attacks

Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions.

Citation Key: zheng_switchman_2019