東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Privacy Preserving Information Shari...

Tian, Yuan.

FindBook

Google Book

Amazon

博客來

Privacy Preserving Information Sharing in Modern and Emerging Platforms.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Privacy Preserving Information Sharing in Modern and Emerging Platforms./
作者:	Tian, Yuan.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2018,
面頁冊數:	158 p.
附註:	Source: Dissertation Abstracts International, Volume: 79-09(E), Section: B.
Contained By:	Dissertation Abstracts International79-09B(E).
標題:	Computer engineering. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10615518
ISBN:	9780355967364

Privacy Preserving Information Sharing in Modern and Emerging Platforms.
Tian, Yuan.

Privacy Preserving Information Sharing in Modern and Emerging Platforms. - Ann Arbor : ProQuest Dissertations & Theses, 2018 - 158 p.

Source: Dissertation Abstracts International, Volume: 79-09(E), Section: B.

Thesis (Ph.D.)--Carnegie Mellon University, 2018.

Users share a large amount of information with modern platforms such as web platforms and social platforms for various services. However, they face the risk of information leakage because modern platforms still lack proper security policies. Existing security policies, such as permission systems and isolation, can help regulate information sharing. However, these policies have problems, such as coarse granularity, bad usability, and incompleteness, especially when new features are introduced. I investigate the security impacts of new features in web and mobile platforms and find design problems that lead to user information leakage. Based on these analyses, I propose design principles for permission systems that mediate how information should be shared in modern and emerging platforms, such as web and social platforms, to provide functionality with privacy preserved. I aim to design permission systems that only allow least-privilege information access. Specifically, I utilize program analysis and natural language processing to understand how applications use sensitive data and correlate these data with their functionality. With this understanding, I design schemes that ask for user consent about unexpected information access and automatically reduce overprivileged access. I provide guidelines for platform designers to build their permission systems according to respective adversary models and resources. In particular, I implement the new permission system for social platforms and Internet of Things (IoT) platforms that enable least-privilege information sharing. For the social platforms, I incorporate the primitives of Opaque handle, Opaque display, and User-driven access control (OOU) to design a least-privilege, user-friendly, developer-friendly, and feature-rich permission system. According to my study on Facebook, OOU can be applied to remove or replace 81.2% of sensitive permission instances without affecting functionality. For IoT platforms, I present a new authorization framework, SmartAuth, that supports user-centric, semantic-based authorization. SmartAuth automatically collects security-relevant information from an IoT application's description, code, and annotations, and generates an authorization user interface to bridge the gap between the functionalities explained to the user and the operations the application actually performs.

ISBN: 9780355967364Subjects--Topical Terms:

621879
Computer engineering.

Privacy Preserving Information Sharing in Modern and Emerging Platforms.
LDR:03326nmm a2200301 4500 001 2162100
005 20180927111919.5
008 190424s2018 ||||||||||||||||| ||eng d
020 $a 9780355967364
035 $a (MiAaPQ)AAI10615518
035 $a (MiAaPQ)cmu:10132
035 $a AAI10615518
040 $a MiAaPQ $c MiAaPQ
100 1 $a Tian, Yuan. $3 1287310
245 1 0 $a Privacy Preserving Information Sharing in Modern and Emerging Platforms.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2018
300 $a 158 p.
500 $a Source: Dissertation Abstracts International, Volume: 79-09(E), Section: B.
500 $a Adviser: Patrick Tague.
502 $a Thesis (Ph.D.)--Carnegie Mellon University, 2018.
520 $a Users share a large amount of information with modern platforms such as web platforms and social platforms for various services. However, they face the risk of information leakage because modern platforms still lack proper security policies. Existing security policies, such as permission systems and isolation, can help regulate information sharing. However, these policies have problems, such as coarse granularity, bad usability, and incompleteness, especially when new features are introduced. I investigate the security impacts of new features in web and mobile platforms and find design problems that lead to user information leakage. Based on these analyses, I propose design principles for permission systems that mediate how information should be shared in modern and emerging platforms, such as web and social platforms, to provide functionality with privacy preserved. I aim to design permission systems that only allow least-privilege information access. Specifically, I utilize program analysis and natural language processing to understand how applications use sensitive data and correlate these data with their functionality. With this understanding, I design schemes that ask for user consent about unexpected information access and automatically reduce overprivileged access. I provide guidelines for platform designers to build their permission systems according to respective adversary models and resources. In particular, I implement the new permission system for social platforms and Internet of Things (IoT) platforms that enable least-privilege information sharing. For the social platforms, I incorporate the primitives of Opaque handle, Opaque display, and User-driven access control (OOU) to design a least-privilege, user-friendly, developer-friendly, and feature-rich permission system. According to my study on Facebook, OOU can be applied to remove or replace 81.2% of sensitive permission instances without affecting functionality. For IoT platforms, I present a new authorization framework, SmartAuth, that supports user-centric, semantic-based authorization. SmartAuth automatically collects security-relevant information from an IoT application's description, code, and annotations, and generates an authorization user interface to bridge the gap between the functionalities explained to the user and the operations the application actually performs.
590 $a School code: 0041.
650 4 $a Computer engineering. $3 621879
650 4 $a Computer science. $3 523869
690 $a 0464
690 $a 0984
710 2 $a Carnegie Mellon University. $b Electrical and Computer Engineering. $3 2094139
773 0 $t Dissertation Abstracts International $g 79-09B(E).
790 $a 0041
791 $a Ph.D.
792 $a 2018
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10615518