“Tabellion will significantly reduce the time it takes to sign contracts and reduce disputes over the authenticity of signed contracts,” Agarwal said. “We expect our work to make it faster and easier for various businesses.” “This is an exciting time for the use of technology in legal contract management,” Agarwal said, pointing to several emerging products in the market (such as Lexion.ai, DocuVision.ai and Icertis.com) that improve the storage, indexing, analytics and access to legal contracts. “One critical area, but one that remains underserved, is the correct conclusion of legal contracts,” he said, noting that Tabellion fills this gap. The team`s first step was to identify the requirements to prove the legality of a contract. These requirements include proof of signature (identity of signatories), mutual consent (offer and acceptance) and reading (that the parties have had a legitimate opportunity to read the terms of the contract before signing). “Our legal colleagues helped us understand the requirements of legal formation of a contract,” said Professor Amiri Sani. “This then helped us develop various system and security solutions to clearly demonstrate these requirements in our contract platform.” “The importance of signing has always been at the heart of contract law,” said Professor Kim. “Online contracts and electronic signatures offer more convenience, but can be easier to forge. The team also worked closely with UCI`s invention transfer group Beall Applied Innovation to file a provisional patent application for their invention. In the future, they hope to work with various organizations to use Tabellion in contracts.
Tabellion then uses Intel`s SGX enclaves in Azure Confidential Compute VMs to securely link the proofs of each contract. “The main innovation and strength of our platform compared to existing platforms like DocuSign is that we use biometrics to improve security and authentication,” Kim said. “Working with ICS and Microsoft has allowed us to develop new solutions to persistent and pervasive contract law problems. We demonstrate three end-to-end systems that use the safety monitor to design various security services: (i) reliable sensor notifications via low-level controls in the safety monitor (Viola), (ii) reliable verification of sensor activity by recording sensor activity in the safety monitor (Ditio), and (iii) secure electronic contracting training by designing secure primitives in the security monitor (Tabellion). To solve this problem, the team worked together to design and build Tabellion, a system for securely signing legal contracts electronically on mobile devices such as smartphones and tablets. The usual solution to this problem is to fix the kernel as soon as a new bug or vulnerability is detected in the kernel. However, this does not protect the system from zero-day vulnerabilities. In this thesis, we present the Security Monitor, a small, reliable and extensible software that provides various security services, with a small TCB. Security Monitor security services enforce certain privacy and security guarantees for the system, such as certain privacy guarantees for the use of I/O devices. With Security Monitor, a compromised operating system cannot compromise these warranties.
The security monitor is based on ARM TrustZone [24, 5, 26, 176] and virtualization hardware [70, 72] available in modern mobile and IoT devices. The hypervisor layer, supported by virtualization hardware, allows the security monitor to effectively control access to specific parts of physical memory, such as the registers of selected sensors, without making any changes to the operating system. TrustZone, which is already used by many vendor security applications, provides an add-on use for Security Monitor. It seals data to ensure integrity, authenticity and confidentiality. The team conducted a comprehensive evaluation of Tabellion, including performance testing, security analysis and a study of 30 users within the UCI. The results show that Tabellion is secure, achieves acceptable performance (in terms of operating latency) and offers a comparable user experience (and even slightly better than DocuSign). The researchers outline their findings in their paper, “Tabellion: Secure Legal Contracts on Mobile Devices,” recently published in ACM MobiSys 2020, the best conference for mobile systems, applications, and services. Microsoft also published a blog about the results. “Common practices today include sending signatures on legal documents via email or through DocuSign, or sending signatures only on the signature side by mail, or using a physical or video notary,” Agarwal said.
“You have to decide if you don`t have robust signature matching and mutual consent, or if you have the inconvenience and cost of notarization. We need a better solution. “Existing e-contract and signature platforms are not sufficiently secure and vulnerable to various forms of attacks by malicious parties, including fake rejection and identity theft,” said Professor Amiri Sani. “This vulnerability is rooted in the fact that they cannot provide evidence that is difficult to fabricate and difficult to refute that a contract was lawfully entered into within the meaning of contract law.” Android`s underlying Linux kernel is quickly becoming an attractive target for attackers. In 2014, the number of bugs reported in the kernel accounted for 4% of the total bugs detected in Android. This number increased significantly in 2015 and 2016, reaching 9% and 44%, respectively. These are not surprising, since the kernel consists of millions of lines of code that inflate the reliable computing base (TCB) and increase the attack surface. For example, several bugs have recently been found in the Bluetooth [36] and WiFi [37, 172] subsystems of mobile devices.
These vulnerabilities can be exploited by malicious parties on the network to carry out remote attacks. An attacker uses these kernel bugs to gain kernel privileges and gain complete control over the mobile device. Tabellion uses new trusted IT solutions on mobile devices and cloud servers to gather meaningful evidence for the legal execution of a contract. In particular, Professor Amiri Sani explained that virtualization and TrustZone hardware in ARM processors enable the system: According to a recent Bloomberg Law article, “the wet signature requirement that a document must be signed in person and in ink could mean its demise as social distancing practices take hold around the world to stop the spread of the coronavirus.” The article notes how COVID-19 “has accelerated the already growing use and adoption of electronic signatures to such an extent that wet signatures could soon become relics for lawyers.” This is where an ongoing collaboration between UCI and Microsoft Research comes in. Professor Amiri Sani and his students (PhD student Saeed Mirzamohammadi and PhD student Myles Liu) from the UCI Department of Computer Science worked with Sharad Agarwal, Senior Researcher at Microsoft Research, as well as Assistant Professor of Law Sung Eun (Summer) Kim and PhD candidate Ann Huang from the UCI Faculty of Law (UCI Law). To protect your privacy, all features based on your browser`s external API calls are disabled by default. You need to log in for them to take action. All settings here are stored as cookies on your web browser. You will find more information in our F.A.Q. However, the growing use of electronic signatures carries risks, according to Ardalan Amiri Sani, assistant professor of computer science at the University of California, Irvine (UCI). all metadata published as open data under license CC0 1.0 The DBLP computer bibliography is funded and supported by: Load crossref.org and opencitations.net references Add open access links from to the list of external document links (if available).
One problem with Security Monitor is performance. It is generally accepted that running the primary operating system on a hypervisor requires significant performance overhead [93]. Through extensive experimentation and a redesign of the hypervisor, we provide evidence against this argument. We show that the overload of a basic hypervisor is mainly due to its frequent interventions in the activities of the operating system, a design that is only necessary in a multi-tenant virtualization configuration. The hypervisor can be redesigned to minimize these interpositions and thus minimize its performance overhead on the main operating system. We show that the performance of the operating system is very close to the native runtime. Add a list of references from and to save detail pages. Download additional information about publications. Last updated on 24.06.2022 01:14 CEST by dblp team Data Protection Notice: If you enable the above option, your browser will contact the unpaywall.org API to upload hyperlinks to open access articles.
While we have no reason to believe that your call is being tracked, we have no control over how the remote server uses your information. Therefore, please proceed with caution and read Unpaywall`s privacy policy. Privacy notice: If you enable the above option, your browser will contact twitter.com and twimg.com load selected tweets from our Twitter account. At the same time, Twitter constantly stores several cookies with your web browser. Although we have signaled to Twitter not to track our users by setting the “dnt” flag, we have no control over how Twitter uses your data.