Methodologies for Data Preservation in IoT Platform

Slides:



Advertisements
Similar presentations
By James Kasten.  Motivation and Proposed Solution  Common Reputation System Errors  Design Principles and Considerations  Specific Design Specifications.
Advertisements

Xiao Zhang and Wenliang Du Dept. of Electrical Engineering & Computer Science Syracuse University.
Pablo Garaizar Sagarminaga Jaime Devesa Esteban Dr. Igor Santos.
Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
CS 495 Application Development for Smart Devices Mobile Crowdsensing Current State and Future Challenges Mobile Crowdsensing. Overview of Crowdsensing.
OneDrive for Business Introduction First Time Use First Time Use Access from Computer Access from Computer Access from Internet Access from Internet Access.
S EMINAR A SELF DESTRUCTING DATA SYSTEM BASED ON ACTIVE STORAGE FRAMEWORK ONON P RESENTED BY S HANKAR G ADHVE G UIDED BY P ROF.P RAFUL P ARDHI.
Advanced Computer Networks Fall 2010 Instructor: Haining Wang.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Community Manager A Dynamic Collaboration Solution on Heterogeneous Environment Hyeonsook Kim  2006 CUS. All rights reserved.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
L.C.Smith College of Engineering and Computer Science Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)
PrivacyShield: Real-time Monitoring and Detection of Android Privacy Leakage Review and Discussion Yan Chen Lab of Internet and Security Technology Northwestern.
Detecting and Preventing Privilege- Escalation on Android Jiaojiao Fu 1.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.
Auditing Cloud Administrators Using Information Flow Tracking Afshar David ACM Scalable Trusted Computing.
Internet2 – InCommon and Box Marla Meehl Colorado CIO 11/1/11.
A Presentation Of TaintDroid & Related Topics
University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,
Android Security Extensions. Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care…until.
Advanced Computer and Network Security Fall 2014 Instructor: Haining Wang.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.
5 th ITU Green Standards Week Nassau, The Bahamas December 2015 Taming The IoT Security & Privacy Beast Craig Spiezle, Executive Director, Online.
Mobilizing Your SAS® Business Analytic Reports Falko Schulz Sr. Systems Engineer SAS Australia & New Zealand.
TEMPLATE DESIGN © Automatic Classification of Parameters and Cookies Ali Reza Farid Amin 1, Gregor v. Bochmann 1, Guy-Vincent.
WELCOME Mobile Applications Testing
Remarks by Dr Mawaki Chango Kara University DigiLexis Consulting
Distributed Control and Measurement via the Internet
Android App Permission Manager
Professor Tzong-Chen Wu
An Adaptable e-Service Communication Model for Rural Agricultural Extension (e-AgriSERVICOMM) Olutayo Ajayi , Babarinde Oluwaseyi.
University of Maryland College Park
Understanding Android Security
Android Access Control
An Adaptable e-Service Communication Model for Rural Agricultural Extension (e-AgriSERVICOM) Olutayo Ajayi , Babarinde Oluwaseyi.
Android System Security
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.
World-Leading Research with Real-World Impact!
Trends in my profession, Information Technology
Algorithms for Big Data Delivery over the Internet of Things
The mobile market today has nearly 4 billion subscribers, three-fourths of whom live in developing countries. Over a billion new phones are produced each.
Test Automation for IoT solutions A Paradigm shift
SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities Yuchen Zhou, and David Evans 23rd USENIX Security Symposium, August,
SENIOR MANAGER - SOFTWARE TESTING PRACTICE
SECURITY IN DISTRIBUTED FILE SYSTEMS
The Internet of Things (IoT)
MADP Market
Android Mobile apps development services company in India
Advanced IoT Mobile App Development Company
Model-Driven Analysis Frameworks for Embedded Systems
PLUG-N-HARVEST ID: H2020-EU
CompTIA Security+ Study Guide (SY0-401)
Cloud Security 李芮,蒋希坤,崔男 2018年4月.
Multi-party Authentication in Web Services
Securing Home IoT Environments with Attribute-Based Access Control
Enterprise Productivity – HCL Proposition
Understanding Android Security
#01# ASP.NET Core Overview Design by: TEDU Trainer: Bach Ngoc Toan
Children and Networks Suha Hajyahia Tareza Haddad.
Trust-based Privacy Preservation for Peer-to-peer Data Sharing
Android Access Control
Affordable ways of getting good features in a website.
Presentation transcript:

Methodologies for Data Preservation in IoT Platform CSc 8320 Advanced Operating Systems Instructor: Prof. Yanqing Zhang Presented by Xu Zheng

IoT - Internet of Things Integrate numerous applications. Involve dimensions of different contents. Support multiple service providers in a single platform. Extensible.

IoT - Supported by: Solutions from leading IT companies. Low-cost devices for data acquisition. How do third-party servers request the data: Passively subscribing; Actively polling.

Privacy Issues Unique challenges for IoT : Diverse data sources, multiple service providers.

Existing methods Access Control Label-based Information Flow Control Taint Tracking Static Analysis Computation on Opacified Data

Access Control

Access Control Drawbacks: only a “gate keeper”, no preservation once authorized.

Label-based Information Flow Control

Label-based Information Flow Control Drawbacks: Over-preservation from the source, Label derivation, Side channel.

Taint Tracking: flow control

Taint Tracking: Flow control Drawbacks: Knowledge from apps, Inability to effectively handle implicit flows, Performance reduction

Static Analysis: Flow analysis

Static Analysis: Flow analysis Drawbacks: Also knowledge from apps, Inability to effectively handle implicit flows.

Computation on Opacified Data

Computation on Opacified Data Drawbacks: Domain specific, only useful for specific kinds of data.

Future Work: Function-based access; Function validation; Correlated utility and privacy; Collusion among Apps.

Reference [1] Kassem Fawaz H F, Shin K G. Anatomization and Protection of Mobile Apps’ Location Privacy Threats[C]//Proceedings of the 24th USENIX Conference on Security Symposium, SEC. 15. [2] Jana S, Narayanan A, Shmatikov V. A Scanner Darkly: Protecting user privacy from perceptual applications[C]//Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 2013: 349-363. [3] ROESNER, F., KOHNO, T., MOSHCHUK, A., PARNO, B., WANG, H. J., AND COWAN, C. User-driven access control: Re- thinking permission granting in modern operating systems. In IEEE S&P (2012). [4] STEFAN,D.,YANG,E.Z.,MARCHENKO,P.,RUSSO,A.,HER- MAN, D., KARP, B., AND MAZIE`RES, D. Protecting users by con ning javascript with cowl. In OSDI (2014). [5] ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. N. Taintdroid: an information- ow tracking system for realtime privacy monitoring on smart- phones. In OSDI (2010). [6] WEI, F., ROY, S., OU, X., AND ROBBY. Amandroid: A pre- cise and general inter-component data ow analysis framework for security vetting of android apps. In ACM SIGSAC Conference on Computer and Communications Security (CCS) (2014).