Methodologies for Data Preservation in IoT Platform CSc 8320 Advanced Operating Systems Instructor: Prof. Yanqing Zhang Presented by Xu Zheng
IoT - Internet of Things Integrate numerous applications. Involve dimensions of different contents. Support multiple service providers in a single platform. Extensible.
IoT - Supported by: Solutions from leading IT companies. Low-cost devices for data acquisition. How do third-party servers request the data: Passively subscribing; Actively polling.
Privacy Issues Unique challenges for IoT : Diverse data sources, multiple service providers.
Existing methods Access Control Label-based Information Flow Control Taint Tracking Static Analysis Computation on Opacified Data
Access Control
Access Control Drawbacks: only a “gate keeper”, no preservation once authorized.
Label-based Information Flow Control
Label-based Information Flow Control Drawbacks: Over-preservation from the source, Label derivation, Side channel.
Taint Tracking: flow control
Taint Tracking: Flow control Drawbacks: Knowledge from apps, Inability to effectively handle implicit flows, Performance reduction
Static Analysis: Flow analysis
Static Analysis: Flow analysis Drawbacks: Also knowledge from apps, Inability to effectively handle implicit flows.
Computation on Opacified Data
Computation on Opacified Data Drawbacks: Domain specific, only useful for specific kinds of data.
Future Work: Function-based access; Function validation; Correlated utility and privacy; Collusion among Apps.
Reference [1] Kassem Fawaz H F, Shin K G. Anatomization and Protection of Mobile Apps’ Location Privacy Threats[C]//Proceedings of the 24th USENIX Conference on Security Symposium, SEC. 15. [2] Jana S, Narayanan A, Shmatikov V. A Scanner Darkly: Protecting user privacy from perceptual applications[C]//Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 2013: 349-363. [3] ROESNER, F., KOHNO, T., MOSHCHUK, A., PARNO, B., WANG, H. J., AND COWAN, C. User-driven access control: Re- thinking permission granting in modern operating systems. In IEEE S&P (2012). [4] STEFAN,D.,YANG,E.Z.,MARCHENKO,P.,RUSSO,A.,HER- MAN, D., KARP, B., AND MAZIE`RES, D. Protecting users by con ning javascript with cowl. In OSDI (2014). [5] ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. N. Taintdroid: an information- ow tracking system for realtime privacy monitoring on smart- phones. In OSDI (2010). [6] WEI, F., ROY, S., OU, X., AND ROBBY. Amandroid: A pre- cise and general inter-component data ow analysis framework for security vetting of android apps. In ACM SIGSAC Conference on Computer and Communications Security (CCS) (2014).