Flexible Data-Driven Security for Android

Feth, Denis; Pretschner, Alexander

doi:10.1109/sere.2012.14

Cited by 19 publications

(34 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While the problem of enforcing usage control requirements within single independent systems has been and is being researched [55,74,147,170,174,216], these solutions fall short when it comes to today's interconnected computing systems, in which data is not only independently processed by single systems, but rather by distributed cooperating systems and applications. Even in the presence of such distributed data processing, data owners would like to enforce data usage control policies after the data has been released for means of storage, processing, and further dissemination.…”

Section: Gap Analysis and Research Questionmentioning

confidence: 99%

“…This thesis will further build on this instantiation in Section 3.2.2. Instantiations for other operating system layers have been shown to be similar [55,214,216]. In particular, the concepts described in the following can be directly applied to any other Unix-like system such as Linux.…”

Section: Instantiation To Unix-like Systemsmentioning

confidence: 99%

“…While PEPs have been built for many different system layers and applications (e.g. Android [55,180], ChromiumOS [214], Java [61,63], JavaScript [168], Mozilla Firefox [110], Mozilla Thunderbird [125], MS Office [188], MS Windows [216], MySQL [119], OpenBSD [74], OpenNebula [115], X11 [170]), this thesis leverages a PEP at the operating system layer for Unix-like systems. This PEP, a brief overview of which is given in the following, is a contribution of this thesis.…”

Section: Policy Enforcement Pointsmentioning

confidence: 99%

“…As such, problems related to data usage control on single independent systems are not covered as they are addressed elsewhere [55,74,110,119,125,126,168,170,174,188,214,216]. It remains to mention that all of the cited works are compatible with this thesis' work both from a conceptual and a technical point of view.…”

Section: Integration With Usage Control Solutions For Single Systemsmentioning

confidence: 99%

See 3 more Smart Citations

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

AcknowledgementsMy thanks go to• Prof. Pretschner. For introducing me to the academic world with all its diverse aspects: administrative matters, conferences, discussions, learning, reading, presentations, projects, reviewing, teaching, writing, pain and glory. For letting me work on an interesting thesis topic. For guidance, feedback, liberty, criticism and plaudits.• Prof. Katzenbeisser. For providing feedback on earlier partial results of this thesis.• all co-authors and internal reviewers. Alexander, Dominik, Enrico, Fatemeh, Hervais, Matthias, Mojdeh, Prachi, Saahil, Sebastian, Tobias. For teaching me how to collaboratively write scientific documents and how to cope best with endless discussions, reviews, corrections, rewriting, etc.• all remaining current and former colleagues and collaborators from KIT, TUM, • all project partners from TU Darmstadt, Universität Freiburg, Universität Kassel, Capurro Fiek Stiftung für Informationsethik, Fraunhofer SIT, Google Germany GmbH, Deutsche Post AG, Nokia, IBM, AGT International, DFKI, Seeburger, Stadtwerke Saarlouis. For innumerable interesting and diverse experiences.• all developers and authors of free tools and Q&A websites. For developing and maintaining software such as Eclipse, Firefox, Gimp, Gnome, Gnuplot, Inkscape, LaTeX, LibreOffice, Linux, StackExchange, Thunderbird, and many more.• all friends and family. Which are simply too many to enumerate. For constantly reminding me, both consciously and unconsciously, in countless ways that there is more to life than work and research. AbstractData usage control provides mechanisms for data owners to remain in control over how their data is used after it has been accessed. Corresponding technical solutions are thus applicable in many distinct areas such as the protection of business, military and government secrets, intellectual property, as well as private user data. However, most existing solutions focus on the enforcement of data usage control within single systems and disregard distributed aspects of data usage control, i.e. how the usage of data can be controlled once data has been shared across systems and organizations.In fact, many data usage policies can only be enforced on a global scale, as they refer to data as well as data usage events happening within several distributed systems, e.g. "at each point in time at most two clerks might have a local copy of this contract", or "a contract must be approved by at least two clerks before it is sent to the customer".While such policies can intuitively be enforced using a centralized infrastructure, major drawbacks are that such solutions constitute a single point of failure and that they are expected to cause heavy communication and performance overheads.In order to address these open challenges, this dissertation contributes by providing (i) a formal distributed data usage control system model, and (ii) the first fully decentralized infrastructure for the preventive enforcement of data usage policies. More precisely, the provided model allows to track the f...

show abstract

Section: Gap Analysis and Research Questionmentioning

confidence: 99%

Section: Instantiation To Unix-like Systemsmentioning

confidence: 99%

Section: Policy Enforcement Pointsmentioning

confidence: 99%

Section: Integration With Usage Control Solutions For Single Systemsmentioning

confidence: 99%

See 2 more Smart Citations

Data Usage Control for Distributed Systems

Kelbert

Pretschner

2018

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…TaintDroid aims to give visibility to device users over how their sensitive data is handled by smartphone applications at runtime at the level of variables, methods, file operations and messages among applications. Other than work building up on TaintDroid [1,13,6], very few papers on privacy mechanisms consider the "private data over the untrusted network" aspect: Smokescreen [3] is a privacy management system that uses different broadcast signals to allow users to control how they share their location with social contacts differently than with strangers. Mobishare [15] protects privacy in mobile online social networks, whereby the user location is anonymised and obscured when using untrusted location servers.…”

Section: State Of the Artmentioning

confidence: 99%

POSTER: Preserving privacy and accountability for personal devices

Gheorghe

Neuhaus

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring the device, in order to prevent security breaches by employees; but on the other hand, employees have a reasonable expectation of privacy when they use their devices for private functions. This poster presents our project called Privacy-Preserving Accountability for peRsonal Devices (PriPARD, pronounced"prepared"). PriPARD addresses the tension described above by designing and evaluating concrete privacy mechanisms for mobile devices used in a corporate environment. Instead of imposing a "privacy firewall" between users and the Internet, in PriPARD the aim is protecting user privacy within the corporate network and non-disclosure outside this network. PriPARD's vision is to gather practical experience with the tradeoffs between monitoring and privacy needs, to help both mobile device users and managers of corporate networks.

show abstract