Private information leak behavior has been widely discovered in malware and suspicious applications. We refer to such software as privacy leak software (PLS). Nowadays, PLS has become a serious and challenging probl...Private information leak behavior has been widely discovered in malware and suspicious applications. We refer to such software as privacy leak software (PLS). Nowadays, PLS has become a serious and challenging problem to cyber security. Previous methodologies are of two categories: one focuses on the outbound network traffic of the applications; the other dives into the inside information flow of the applications. We present an abstract model called Privacy Petri Net (PPN) which is more applicable to various applications and more intuitive and vivid to users. We apply our approach to both malware and suspicious applications in real world. The experimental result shows that our approach can effectively find categories, content, procedure, destination and severity of the private information leaks for the target software.展开更多
The rapid development of location-based service(LBS) drives one special kind of LBS, in which the service provider verifies user location before providing services. In distributed location proof generating schemes, pr...The rapid development of location-based service(LBS) drives one special kind of LBS, in which the service provider verifies user location before providing services. In distributed location proof generating schemes, preventing users from colluding with each other to create fake location proofs and protecting user's location privacy at the same time, are the main technical challenges to bring this kind of LBS into practical. Existing solutions tackle these challenges with low collusion-detecting efficiency and defected collusion-detecting method. We proposed two novel location proof generating schemes, which inversely utilized a secure secret-sharing scheme and a pseudonym scheme to settle these shortcomings. Our proposed solution resists and detects user collusion attacks in a more efficient and correct way. Meanwhile, we achieve a higher level of location privacy than that of previous work. The correctness and efficiency of our proposed solution is testified by intensive security analysis, performance analysis, as well as experiments and simulation results.展开更多
Cloud computing is an emerging and popular method of accessing shared and dynamically configurable resources via the computer network on demand. Cloud computing is excessively used by mobile applications to offload da...Cloud computing is an emerging and popular method of accessing shared and dynamically configurable resources via the computer network on demand. Cloud computing is excessively used by mobile applications to offload data over the network to the cloud. There are some security and privacy concerns using both mobile devices to offload data to the facilities provided by the cloud providers. One of the critical threats facing cloud users is the unauthorized access by the insiders (cloud administrators) or the justification of location where the cloud providers operating. Although, there exist variety of security mechanisms to prevent unauthorized access by unauthorized user by the cloud administration, but there is no security provision to prevent unauthorized access by the cloud administrators to the client data on the cloud computing. In this paper, we demonstrate how steganography, which is a secrecy method to hide information, can be used to enhance the security and privacy of data (images) maintained on the cloud by mobile applications. Our proposed model works with a key, which is embedded in the image along with the data, to provide an additional layer of security, namely, confidentiality of data. The practicality of the proposed method is represented via a simple case study.展开更多
In current software defect prediction (SDP) research, most previous empirical studies only use datasets provided by PROMISE repository and this may cause a threat to the external validity of previous empirical results...In current software defect prediction (SDP) research, most previous empirical studies only use datasets provided by PROMISE repository and this may cause a threat to the external validity of previous empirical results. Instead of SDP dataset sharing, SDP model sharing is a potential solution to alleviate this problem and can encourage researchers in the research community and practitioners in the industrial community to share more models. However, directly sharing models may result in privacy disclosure, such as model inversion attack. To the best of our knowledge, we are the first to apply differential privacy (DP) to privacy-preserving SDP model sharing and then propose a novel method DP-Share, since DP mechanisms can prevent this attack when the privacy budget is carefully selected. In particular, DP-Share first performs data preprocessing for the dataset, such as over-sampling for minority instances (i.e., defective modules) and conducting discretization for continuous features to optimize privacy budget allocation. Then, it uses a novel sampling strategy to create a set of training sets. Finally it constructs decision trees based on these training sets and these decision trees can form a random forest (i.e., model). The last phase of DP-Share uses Laplace and exponential mechanisms to satisfy the requirements of DP. In our empirical studies, we choose nine experimental subjects from real software projects. Then, we use AUC (area under ROC curve) as the performance measure and holdout as our model validation technique. After privacy and utility analysis, we find that DP-Share can achieve better performance than a baseline method DF-Enhance in most cases when using the same privacy budget. Moreover, we also provide guidelines to effectively use our proposed method. Our work attempts to fill the research gap in terms of differential privacy for SDP, which can encourage researchers and practitioners to share more SDP models and then effectively advance the state of the art of SDP.展开更多
Laws and policies impose many information handling requirements on business practices. Compliance with such regu-lations requires identification of conflicting interpretations of regulatory conditions. Current softwar...Laws and policies impose many information handling requirements on business practices. Compliance with such regu-lations requires identification of conflicting interpretations of regulatory conditions. Current software engineering methods extract software requirements by converting legal text into semiformal constraints and rules. In this paper we complement these methods with a state-based model that includes all possibilities of information flow. We show that such a model provides a foundation for the interpretation process.展开更多
This paper proposes a cross-layer design to enhance the location privacy under a coordinated medium access control(MAC) protocol for the Internet of Vehicles(Io V). The channel and pseudonym resources are both essenti...This paper proposes a cross-layer design to enhance the location privacy under a coordinated medium access control(MAC) protocol for the Internet of Vehicles(Io V). The channel and pseudonym resources are both essential for transmission efficiency and privacy preservation in the Io V. Nevertheless, the MAC protocol and pseudonym scheme are usually studied separately, in which a new MAC layer semantic linking attack could be carried out by analyzing the vehicles' transmission patterns even if they change pseudonyms simultaneously. This paper presents a hierarchical architecture named as the software defined Internet of Vehicles(SDIV). Facilitated by the architecture, a MAC layer aware pseudonym(MAP) scheme is proposed to resist the new attack. In the MAP, RSU clouds coordinate vehicles to change their transmission slots and pseudonyms simultaneously in the mix-zones by measuring the privacy level quantitatively. Security analysis and extensive simulations are conducted to show that the scheme provides reliable safety message broadcasting, improves the location privacy and network throughput in the Io V.展开更多
In software-defined networking(SDN),controllers are sinks of information such as network topology collected from switches.Organizations often like to protect their internal network topology and keep their network poli...In software-defined networking(SDN),controllers are sinks of information such as network topology collected from switches.Organizations often like to protect their internal network topology and keep their network policies private.We borrow techniques from secure multi-party computation(SMC)to preserve the privacy of policies of SDN controllers about status of routers.On the other hand,the number of controllers is one of the most important concerns in scalability of SMC application in SDNs.To address this issue,we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations.We use Non-Dominated Sorting Genetic Algorithm II(NSGA-II)to determine the optimal number of controllers,and simulate SMC for typical SDNs with this number of controllers.Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs,which is completely justifiable by the privacy obtained.展开更多
针对现有访问控制方法未针对云计算隐私保护特征且缺少动态隐私授权机制,无法在运行过程中自适应保护隐私数据的不足,通过对基于角色的访问控制(RBAC)模型进行信任度和隐私使用行为扩展,提出了一种面向云计算SaaS层隐私保护的访问控制模...针对现有访问控制方法未针对云计算隐私保护特征且缺少动态隐私授权机制,无法在运行过程中自适应保护隐私数据的不足,通过对基于角色的访问控制(RBAC)模型进行信任度和隐私使用行为扩展,提出了一种面向云计算SaaS层隐私保护的访问控制模型TBRBAC。在此基础上,提出了一种SaaS服务信任度评估和动态更新机制,给出了基于TBRBAC(Trust and Behavior based RBAC)模型的自适应隐私访问控制系统的体系结构、执行流程以及授权分析算法,讨论了自适应访问控制流程的合理性,并通过实例分析和实验验证说明了本文方法的可行性和有效性。该方法能够实现运行时动态隐私授权及细粒度的隐私访问控制,增强了云计算环境下隐私数据的安全保护。展开更多
基金This work is supported by the National Natural Science Foundation of China under Grant Nos. 61402124, 61402022, 61173008, 60933005, and 61572469, the National Key Technology Research and Development Program of China under Grant No. 2012BAH39B02, the 242 Projects of China under Grant No. 2011F45, and Beijing Nova Program under Grant No. Z121101002512063.
文摘Private information leak behavior has been widely discovered in malware and suspicious applications. We refer to such software as privacy leak software (PLS). Nowadays, PLS has become a serious and challenging problem to cyber security. Previous methodologies are of two categories: one focuses on the outbound network traffic of the applications; the other dives into the inside information flow of the applications. We present an abstract model called Privacy Petri Net (PPN) which is more applicable to various applications and more intuitive and vivid to users. We apply our approach to both malware and suspicious applications in real world. The experimental result shows that our approach can effectively find categories, content, procedure, destination and severity of the private information leaks for the target software.
基金supported by the National Natural Science Foundation of China(Grant No.41371402)the National Basic Research Program of China("973"Program)(Grant No.2011CB302306)the Fundamental Research Funds for the Central University(Grant No.2015211020201 and No.211274230)
文摘The rapid development of location-based service(LBS) drives one special kind of LBS, in which the service provider verifies user location before providing services. In distributed location proof generating schemes, preventing users from colluding with each other to create fake location proofs and protecting user's location privacy at the same time, are the main technical challenges to bring this kind of LBS into practical. Existing solutions tackle these challenges with low collusion-detecting efficiency and defected collusion-detecting method. We proposed two novel location proof generating schemes, which inversely utilized a secure secret-sharing scheme and a pseudonym scheme to settle these shortcomings. Our proposed solution resists and detects user collusion attacks in a more efficient and correct way. Meanwhile, we achieve a higher level of location privacy than that of previous work. The correctness and efficiency of our proposed solution is testified by intensive security analysis, performance analysis, as well as experiments and simulation results.
文摘Cloud computing is an emerging and popular method of accessing shared and dynamically configurable resources via the computer network on demand. Cloud computing is excessively used by mobile applications to offload data over the network to the cloud. There are some security and privacy concerns using both mobile devices to offload data to the facilities provided by the cloud providers. One of the critical threats facing cloud users is the unauthorized access by the insiders (cloud administrators) or the justification of location where the cloud providers operating. Although, there exist variety of security mechanisms to prevent unauthorized access by unauthorized user by the cloud administration, but there is no security provision to prevent unauthorized access by the cloud administrators to the client data on the cloud computing. In this paper, we demonstrate how steganography, which is a secrecy method to hide information, can be used to enhance the security and privacy of data (images) maintained on the cloud by mobile applications. Our proposed model works with a key, which is embedded in the image along with the data, to provide an additional layer of security, namely, confidentiality of data. The practicality of the proposed method is represented via a simple case study.
基金partially supported by the National Natural Science Foundation of China under Grant Nos. 61702041 and 61872263the Open Project of State Key Laboratory for Novel Software Technology at Nanjing University under Grant No. KFKT2019B14+2 种基金the Science and Technology Project of Beijing Municipal Education Commission under Grant No. KM201811232016the Nantong Application Research Plan under Grant No. JC2018134Jiangsu Government Scholarship for Overseas Studies.
文摘In current software defect prediction (SDP) research, most previous empirical studies only use datasets provided by PROMISE repository and this may cause a threat to the external validity of previous empirical results. Instead of SDP dataset sharing, SDP model sharing is a potential solution to alleviate this problem and can encourage researchers in the research community and practitioners in the industrial community to share more models. However, directly sharing models may result in privacy disclosure, such as model inversion attack. To the best of our knowledge, we are the first to apply differential privacy (DP) to privacy-preserving SDP model sharing and then propose a novel method DP-Share, since DP mechanisms can prevent this attack when the privacy budget is carefully selected. In particular, DP-Share first performs data preprocessing for the dataset, such as over-sampling for minority instances (i.e., defective modules) and conducting discretization for continuous features to optimize privacy budget allocation. Then, it uses a novel sampling strategy to create a set of training sets. Finally it constructs decision trees based on these training sets and these decision trees can form a random forest (i.e., model). The last phase of DP-Share uses Laplace and exponential mechanisms to satisfy the requirements of DP. In our empirical studies, we choose nine experimental subjects from real software projects. Then, we use AUC (area under ROC curve) as the performance measure and holdout as our model validation technique. After privacy and utility analysis, we find that DP-Share can achieve better performance than a baseline method DF-Enhance in most cases when using the same privacy budget. Moreover, we also provide guidelines to effectively use our proposed method. Our work attempts to fill the research gap in terms of differential privacy for SDP, which can encourage researchers and practitioners to share more SDP models and then effectively advance the state of the art of SDP.
文摘Laws and policies impose many information handling requirements on business practices. Compliance with such regu-lations requires identification of conflicting interpretations of regulatory conditions. Current software engineering methods extract software requirements by converting legal text into semiformal constraints and rules. In this paper we complement these methods with a state-based model that includes all possibilities of information flow. We show that such a model provides a foundation for the interpretation process.
基金supported by key special project of National Key Research and Development Program (2017YFC0803900)
文摘This paper proposes a cross-layer design to enhance the location privacy under a coordinated medium access control(MAC) protocol for the Internet of Vehicles(Io V). The channel and pseudonym resources are both essential for transmission efficiency and privacy preservation in the Io V. Nevertheless, the MAC protocol and pseudonym scheme are usually studied separately, in which a new MAC layer semantic linking attack could be carried out by analyzing the vehicles' transmission patterns even if they change pseudonyms simultaneously. This paper presents a hierarchical architecture named as the software defined Internet of Vehicles(SDIV). Facilitated by the architecture, a MAC layer aware pseudonym(MAP) scheme is proposed to resist the new attack. In the MAP, RSU clouds coordinate vehicles to change their transmission slots and pseudonyms simultaneously in the mix-zones by measuring the privacy level quantitatively. Security analysis and extensive simulations are conducted to show that the scheme provides reliable safety message broadcasting, improves the location privacy and network throughput in the Io V.
文摘In software-defined networking(SDN),controllers are sinks of information such as network topology collected from switches.Organizations often like to protect their internal network topology and keep their network policies private.We borrow techniques from secure multi-party computation(SMC)to preserve the privacy of policies of SDN controllers about status of routers.On the other hand,the number of controllers is one of the most important concerns in scalability of SMC application in SDNs.To address this issue,we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations.We use Non-Dominated Sorting Genetic Algorithm II(NSGA-II)to determine the optimal number of controllers,and simulate SMC for typical SDNs with this number of controllers.Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs,which is completely justifiable by the privacy obtained.
文摘针对现有访问控制方法未针对云计算隐私保护特征且缺少动态隐私授权机制,无法在运行过程中自适应保护隐私数据的不足,通过对基于角色的访问控制(RBAC)模型进行信任度和隐私使用行为扩展,提出了一种面向云计算SaaS层隐私保护的访问控制模型TBRBAC。在此基础上,提出了一种SaaS服务信任度评估和动态更新机制,给出了基于TBRBAC(Trust and Behavior based RBAC)模型的自适应隐私访问控制系统的体系结构、执行流程以及授权分析算法,讨论了自适应访问控制流程的合理性,并通过实例分析和实验验证说明了本文方法的可行性和有效性。该方法能够实现运行时动态隐私授权及细粒度的隐私访问控制,增强了云计算环境下隐私数据的安全保护。
