Securing tags to control information flows within the Internet of Things

Singh, Jatinder; Pasquier, Thomas; Bacon, Jean

doi:10.1109/riot.2015.7104903

Cited by 10 publications

(7 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This type of control can be realized using information flow control, which allows to track the usage of sensitive data throughout an application and has been implemented, for example, for Android phones [109]. Policies on information flow can be enforced, for example by trusted hardware [117].…”

Section: A Process-oriented Privacy Protectionmentioning

confidence: 99%

Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions

Eckhoff

Wagner

2018

IEEE Commun. Surv. Tutorials

216

102

View full text Add to dashboard Cite

Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term "smart city". Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities.

show abstract

Section: A Process-oriented Privacy Protectionmentioning

confidence: 99%

Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions

Eckhoff

Wagner

2018

IEEE Commun. Surv. Tutorials

216

102

View full text Add to dashboard Cite

show abstract

“…Consent is an important element for both users who use smart devices such as smart sports equipment, smart health devices, smart toys, and individuals whose their information are collected by the smart objects in smart cities, smart homes, smart grid, etc [65]. Users of smart devices and individuals whose their information are collected by smart objects should agree with data collection, process, the period that the data will be kept and another process that relates to their data [66].…”

Section: Consent and Controlmentioning

confidence: 99%

Privacy Enhancing Technologies (PETs) for connected vehicles in smart cities

Safa

Mitchell

Maple

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Many Experts believe that the Internet of Things (IoT) is a new revolution in technology that has brought many benefits for our organisations, businesses, and industries. However, information security and privacy protection are important challenges particularly for smart vehicles in smart cities that have attracted the attention of experts in this domain. Privacy Enhancing Technologies (PETs) endeavor to mitigate the risk of privacy invasions, but the literature lacks a thorough review of the approaches and techniques that support individuals' privacy in the connection between smart vehicles and smart cities. This gap has stimulated us to conduct this research with the main goal of reviewing recent privacy-enhancing technologies, approaches, taxonomy, challenges, and solutions on the application of PETs for smart vehicles in smart cities. The significant aspect of this study originates from the inclusion of data-oriented and process-oriented privacy protection. This research also identifies limitations of existing PETs, complementary technologies, and potential research directions.

show abstract

“…throughout the cloud service. In [50] we proposed that the widely used and available X.509 certificates could be used. The approach relies on public key certificates and attribute certificates [51], to respectively identify the application associated with the CamFlow-MW instance and the tags associated with this application.…”

Section: Remote Interactionsmentioning

confidence: 99%

“…Similarly, IFC policy must also be verified to ensure data flows are authorised according to IFC policy. Attribute certificates provide cryptographic means to determine and verify the tags associated with the remote entity (see [50]), on which policy can be enforced. If tags do not accord, the connection will not be established.…”

Section: Remote Interactionsmentioning

confidence: 99%

Camflow: Managed Data-Sharing for Cloud Services

Pasquier

Singh

Eyers

et al. 2017

IEEE Trans. Cloud Comput.

Self Cite

View full text Add to dashboard Cite

Abstract-A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government, consisting of different departments, provides services to its citizens through a common platform. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-toend, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' data flow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency and offers system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the identification of policy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware.

show abstract

Securing tags to control information flows within the Internet of Things

Cited by 10 publications

References 24 publications

Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions

Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions

Privacy Enhancing Technologies (PETs) for connected vehicles in smart cities

Camflow: Managed Data-Sharing for Cloud Services

Contact Info

Product

Resources

About