Sensitive data from input devices such as touchscreens and microphones is vulnerable to attackers with OS-level privileges. While prior work has primarily focused on protecting data after it reaches applications, the problem of securing the data path from the device to the application remains underexplored. Existing solutions either use encryption, which incurs significant performance overhead and complexity in key management, or bypass the OS entirely, which reduces compatibility and requires substantial changes to the application. We present SafePath, a system that secures input data paths without encryption or OS bypass. SafePath leverages ARM memory virtualization to implement a minimal memory hypervisor that intercepts device input data at its entry point into the system, stores it securely, and transmits only lightweight data indices to applications. This design isolates sensitive data from the OS while preserving the native input path structure and requiring minimal modifications to applications. We prototype SafePath on ARM hardware and support six different input devices. Evaluation shows that SafePath blocks OS-level access to input data while preserving system performance. For example, under high system load, it reduces audio frame loss by over 45% compared to encryption-based approaches and maintains over 98% of native throughput across all tested devices. These results demonstrate that SafePath offers strong protection with low overhead and practical deployability.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SafePath: Encryption-Less On-Demand Input Path Protection for Mobile Devices

  • Xin Zhang,
  • Yifan Zhang

摘要

Sensitive data from input devices such as touchscreens and microphones is vulnerable to attackers with OS-level privileges. While prior work has primarily focused on protecting data after it reaches applications, the problem of securing the data path from the device to the application remains underexplored. Existing solutions either use encryption, which incurs significant performance overhead and complexity in key management, or bypass the OS entirely, which reduces compatibility and requires substantial changes to the application. We present SafePath, a system that secures input data paths without encryption or OS bypass. SafePath leverages ARM memory virtualization to implement a minimal memory hypervisor that intercepts device input data at its entry point into the system, stores it securely, and transmits only lightweight data indices to applications. This design isolates sensitive data from the OS while preserving the native input path structure and requiring minimal modifications to applications. We prototype SafePath on ARM hardware and support six different input devices. Evaluation shows that SafePath blocks OS-level access to input data while preserving system performance. For example, under high system load, it reduces audio frame loss by over 45% compared to encryption-based approaches and maintains over 98% of native throughput across all tested devices. These results demonstrate that SafePath offers strong protection with low overhead and practical deployability.