Mimesis Aegis: A mimicry privacy shield a system's approach to data privacy on public cloud

Proceedings of the 23rd USENIX Security Symposium

Volumn , Issue , 2014, Pages 33-48

  Lau, Billy ^a   Chung, Simon ^a   Song, Chengyu ^a   Jang, Yeongjin ^a   Lee, Wenke ^a   Boldyreva, Alexandra ^a  

^a Georgia Institute of Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); CRYPTOGRAPHY; DISTRIBUTED DATABASE SYSTEMS; METADATA; NETWORK LAYERS; REVERSE ENGINEERING; SOCIAL NETWORKING (ONLINE); WEB SERVICES;

DATA CONFIDENTIALITY; ENCRYPTION/DECRYPTION; END-TO-END ENCRYPTION; FALSE POSITIVE RATES; MOBILE PLATFORM; PRIVACY PRESERVING; SECURITY PROTECTION; USER EXPERIENCE;

DATA PRIVACY;

EID: 85051025186     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (68)

1. Accessibility. http://developer.android.com/guide/topics/ui/accessibility/index.html.
2. Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013-2018. http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html.
3. Cryptocat. https://crypto.cat.
4. Engineering Security Solutions at Layer 8 and Above. https://blogs.rsa.com/engineering-security-solutions-at-layer-8-and-above/, December.
5. Gibberbot for Android devices. https://securityinabox.org/en/Gibberbotmain.
6. Google Accessibility. https://www.google.com/accessibility/policy/.
7. Google Chrome Mobile FAQ. https://developers.google.com/chrome/mobile/docs/faq.
8. International technology - Open Systems Interconnection - Basic Reference Model: The Basic Model. http://www.ecma-international.org/activities/Communications/TG11/s020269e.pdf.
9. Microsoft Accessibility. http://www.microsoft.com/enable/microsoft/section508.aspx.
10. MIT PGP Public Key Server. http://pgp.mit.edu/.
11. New privacy fears as facebook begins selling personal access to companies to boost ailing profits. http://www.dailymail.co.uk/news/article-2212178/New-privacy-row-Facebook-begins-selling-access-users-boost-ailing-profits.html.
12. Secure texts for Android. https://whispersystems.org.
13. Sniffer tool displays other people's WhatsApp messages. http://www.h-online.com/security/news/item/Sniffer-tool-displays-other-people-s-WhatsApp-messages-1574382.html.
14. Snowden: Leak of NSA spy programs "marks my end". http://www.cbsnews.com/8301-201162-57588462/snowden-leak-of-nsa-spy-programs-marks-my-end/.
15. Symantec desktop email encryption end-to-end email encryption software for laptops and desktops. http://www.symantec.com/desktop-email-encryption.
16. Ten Mistakes That Can Ruin Customers' Mobile App Experience. http://www.itbusinessedge.com/slideshows/show.aspx?c=96038.
17. UI Testing - Android Developers. http://developer.android.com/tools/testing/testing_ui.html.
18. Whatsapp is broken, really broken. http://fileperms.org/whatsapp-is-broken-really-broken/.
19. Layer 8 Linux Security: OPSEC for Linux Common Users, Developers and Systems Administrators. http://www.linuxgazette.net/164/kachold.html, July 2009.
20. Accessibility. https://www.apple.com/accessibility/resources/, February 2014.
21. 107TH CONGRESS. Uniting and strengthening america by providing appropriate tools required to intercept and obstruct terrorism (usa patriot act) act of 2001. Public Law 107-56 (2001).
22. ACQUISTI, A., and GROSS, R. Imagined communities: Awareness, information sharing, and privacy on the facebook. In Privacy enhancing technologies (2006), Springer, pp. 36-58.
23. BADEN, R., BENDER, A., SPRING, N., BHATTACHARJEE, B., and STARIN, D. Persona: an online social network with user-defined privacy. In ACM SIGCOMM Computer Communication Review (2009), Vol. 39, ACM, pp. 135-146.
24. BEATO, F., KOHLWEISS, M., and WOUTERS, K. Scramble! your social network data. In Privacy Enhancing Technologies (2011), Springer, pp. 211-225.
25. BELLARE, M., BOLDYREVA, A., AND O'NEILL, A. Deterministic and efficiently searchable encryption. In CRYPTO (2007), A. Menezes, Ed., Vol. 4622 of Lecture Notes in Computer Science, Springer, pp. 535-552.
26. BERTHOME, P., FECHEROLLE, T., GUILLOTEAU, N., and LALANDE, J.-F. Repackaging android applications for auditing access to private data. In Availability, Reliability and Security (ARES), 2012 Seventh International Conference on (2012), IEEE, pp. 388-396.
27. BÖHMER, M., HECHT, B., SCHÖNING, J., KRÜGER, A., and BAUER, G. Falling asleep with angry birds, facebook and kindle: a large scale study on mobile application usage. In Proceedings of the 13th international conference on Human computer interaction with mobile devices and services (2011), ACM, pp. 47-56.
28. BONEH, D., and CRESCENZO., G. D., OSTROVSKY, R., and PERSIANO, G. Public key encryption with keyword search. In EUROCRYPT (2004), C. Cachin and J. Camenisch, Eds., Vol. 3027 of Lecture Notes in Computer Science, Springer, pp. 506-522.
29. BORDERS, K., VANDER WEELE, E., LAU, B., and PRAKASH, A. Protecting confidential data on personal computers with storage capsules. Ann Arbor 1001 (2009), 48109.
30. BORISOV, N., GOLDBERG, I., and BREWER, E. Off-the-record communication, or, why not to use pgp. In Proceedings of the 2004 ACM workshop on Privacy in the electronic society (2004), ACM, pp. 77-84.
31. CHANG, Y.-C., and MITZENMACHER, M. Privacy preserving keyword searches on remote encrypted data. In Applied Cryptography and Network Security, J. Ioannidis, A. Keromytis, and M. Yung, Eds., Vol. 3531 of Lecture Notes in Computer Science. Springer, 2005, pp. 442-455.
32. COHEN, W. W. Enron email dataset. http://www.cs.cmu.edu/enron, August 2009.
33. CURTMOLA, R., and GARAY., J. A., KAMARA, S., and OSTROVSKY, R. Searchable symmetric encryption: Improved definitions and efficient constructions. In ACM Conference on Computer and Communications Security (2006), A. Juels, R. N. Wright, and S. D. C. di Vimercati, Eds., ACM, pp. 79-88.
34. DELTCHEVA, R. Apple, AT & T data leak protection issues latest in cloud failures. http://www.messagingarchitects.com/resources/security-compliance-news/email-security/apple-att-data-leak-protection-issues-latest-in-cloud-failures19836720.html, June 2010.
35. DINGLEDINE, R., MATHEWSON, N., and SYVERSON, P. Tor: The second-generation onion router. Tech. rep., DTIC Document, 2004.
36. DONG, X., CHEN, Z., SIADATI, H., TOPLE, S., SAXENA, P., and LIANG, Z. Protecting sensitive web content from clientside vulnerabilities with cryptons. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), ACM, pp. 1311-1324.
37. ELKINS, M. Mime security with pretty good privacy (pgp).
38. ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smart-phones. In OSDI (2010), Vol. 10, pp. 1-6.
39. FAHL, S., HARBACH, M., MUDERS, T., BAUMGÄRTNER, L., FREISLEBEN, B., and SMITH, M. Why eve and mallory love android: An analysis of android ssl (in)security. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (New York, NY, USA, 2012), CCS '12, ACM, pp. 50-61.
40. FAHL, S., HARBACH, M., MUDERS, T., and SMITH, M. Trust-split: usable confidentiality for social network messaging. In Proceedings of the 23rd ACM conference on Hypertext and social media (2012), ACM, pp. 145-154.
41. FARB, M., LIN, Y.-H., KIM, T. H.-J., MCCUNE, J., AND PERRIG, A. Safeslinger: easy-to-use and secure public-key exchange. In Proceedings of the 19th annual international conference on Mobile computing & networking (2013), ACM, pp. 417-428.
42. FAULKNER, L. Beyond the five-user assumption: Benefits of increased sample sizes in usability testing. Behavior Research Methods, Instruments, & Computers 35, 3 (2003), 379-383.
43. FELDMAN, A. J., BLANKSTEIN, A., FREEDMAN, M. J., and FELTEN, E. W. Social networking with frientegrity: privacy and integrity with an untrusted provider. In Proceedings of the 21st USENIX conference on Security symposium, Security (2012), Vol. 12.
44. GOH, E.-J. Secure indexes. IACR Cryptology ePrint Archive (2003).
45. GOLDREICH, O., and OSTROVSKY, R. Software protection and simulation on oblivious rams. J. ACM 43, 3 (1996), 431-473.
46. GUHA, S., TANG, K., and FRANCIS, P. Noyb: Privacy in online social networks. In Proceedings of the first workshop on Online social networks (2008), ACM, pp. 49-54.
47. HENRY, S. Largest hacking, data breach prosecution in U.S. history launches with five arrests. http://www.mercurynews.com/business/ci23730361/largest-hacking-data-breach-prosecution-u-s-history, July 2013.
48. JANG, Y., CHUNG, S. P., PAYNE, B. D., AND LEE, W. Gyrus: A framework for user-intent monitoring of text-based networked applications. In NDSS (2014).
49. JEON, J., and MICINSKI., K. K., VAUGHAN, J. A., FOGEL, A., REDDY, N., and FOSTER., J. S., and MILLSTEIN, T. Dr. android and mr. hide: fine-grained permissions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices (2012), ACM, pp. 3-14.
50. JIANG, X. Gingermaster: First android malware utilizing a root exploit on android 2.3 (gingerbread). http://www.csc.ncsu.edu/faculty/jiang/GingerMaster/.
51. KAMARA, S., PAPAMANTHOU, C., and ROEDER, T. Dynamic searchable symmetric encryption. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), ACM, pp. 965-976.
52. KING, S. T., TUCEK, J., COZZIE, A., GRIER, C., JIANG, W., and ZHOU, Y. Designing and implementing malicious hardware. In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (Berkeley, CA, USA, 2008), LEET'08, USENIX Association, pp. 5:1-5:8.
53. KONTAXIS, G., POLYCHRONAKIS, M., KEROMYTIS, A. D., and MARKATOS, E. P. Privacy-preserving social plugins. In Proceedings of the 21st USENIX conference on Security symposium (2012), USENIX Association, pp. 30-30.
54. LAU, B., CHUNG, S., SONG, C., JANG, Y., LEE, W., and BOLDYREVA, A. Mimesis Aegis: A Mimicry Privacy Shield. http://hdl.handle.net/1853/52026.
55. LUCAS, M. M., and BORISOV, N. Flybynight: mitigating the privacy risks of social networking. In Proceedings of the 7th ACM workshop on Privacy in the electronic society (2008), ACM, pp. 1-8.
56. PEEK, D., and FLINN, J. Trapperkeeper: the case for using virtualization to add type awareness to file systems. In Proceedings of the 2nd USENIX conference on Hot topics in storage and file systems (2010), USENIX Association, pp. 8-8.
57. ROESNER, F., KOHNO, T., MOSHCHUK, A., PARNO, B., and WANG., H. J., and COWAN, C. User-driven access control: Rethinking permission granting in modern operating systems. In Security and Privacy (SP), 2012 IEEE Symposium on (2012), IEEE, pp. 224-238.
58. SHAH, K. Common Mobile App Design Mistakes to Take Care. http://www.enterprisecioforum.com/en/blogs/kaushalshah/common-mobile-app-design-mistakes-take-c.
59. SHENG, S., BRODERICK, L., HYLAND, J., and KORANDA, C. Why johnny still can't encrypt: evaluating the usability of email encryption software. In Symposium On Usable Privacy and Security (2006).
60. SHNEIDERMAN, B. Designing the User Interface: Strategies for Effective Human-Computer Interaction, fourth ed. Addison-Wesley, 2005.
61. SONG, D. X., WAGNER, D., and PERRIG, A. Practical techniques for searches on encrypted data. In IEEE Symposium on Security and Privacy (2000), pp. 44-55.
62. TSUNOO, Y., SAITO, T., SUZAKI, T., SHIGERI, M., and MIYAUCHI, H. Cryptanalysis of des implemented on computers with cache. In Cryptographic Hardware and Embedded Systems-CHES 2003. Springer, 2003, pp. 62-76.
63. US-CERT/NIST. Cve-2013-4787. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4787.
64. WHITTAKER, S., MATTHEWS, T., CERRUTI, J., BADENES, H., and TANG, J. Am i wasting my time organizing email?: a study of email refinding. In PART 5 - Proceedings of the 2011 annual conference on Human factors in computing systems (2011), ACM, pp. 3449-3458.
65. WHITTEN, A., and TYGAR, J. D. Why johnny can't encrypt: A usability evaluation of pgp 5.0. In Proceedings of the 8th USENIX Security Symposium (1999), Vol. 99, McGraw-Hill.
66. WOJTCZUK, R., and TERESHKIN, A. Attacking intel® bios. Invisible Things Lab (2010).
67. WU, C, ZHOU, Y., PATEL, K., LIANG, Z., and JIANG, X. Airbag: Boosting smartphone resistance to malware infection. In NDSS (2014).
68. XU, R., SÄIDI, H., and ANDERSON, R. Aurasium: Practical policy enforcement for android applications. In Proceedings of the 21st USENIX conference on Security symposium (2012), USENIX Association, pp. 27-27.