Security in Pervasive Computing: Current Status and Open Issues

Million of wireless device users are ever on the move, becoming more dependent on their PDAs, smart phones, and other handheld devices. With the advancement of pervasive computing, new and unique capabilities are available to aid mobile societies. The wireless nature of these devices has fostered a new era of mobility. Thousands of pervasive devices are able to arbitrarily join and leave a network, creating a nomadic environment known as a pervasive ad hoc network. However, mobile devices have vulnerabilities, and some are proving to be challenging. Security in pervasive computing is the most critical challenge. Security is needed to ensure exact and accurate confidentiality, integrity, authentication, and access control, to name a few. Security for mobile devices, though still in its infancy, has drawn the attention of various researchers. As pervasive devices become incorporated in our day-to-day lives, security will increasingly becoming a common concern for all users - - though for most it will be an afterthought, like many other computing functions. The usability and expansion of pervasive computing applications depends greatly on the security and reliability provided by the applications. At this critical juncture, security research is growing. This paper examines the recent trends and forward thinking investigation in several fields of security, along with a brief history of previous accomplishments in the corresponding areas. Some open issues have been discussed for further investigation

CLOSER: A Collaborative Locality-aware Overlay SERvice

Current Peer-to-Peer (P2P) file sharing systems make use of a considerable percentage of Internet Service Providers (ISPs) bandwidth. This paper presents the Collaborative Locality-aware Overlay SERvice (CLOSER), an architecture that aims at lessening the usage of expensive international links by exploiting traffic locality (i.e., a resource is downloaded from the inside of the ISP whenever possible). The paper proves the effectiveness of CLOSER by analysis and simulation, also comparing this architecture with existing solutions for traffic locality in P2P systems. While savings on international links can be attractive for ISPs, it is necessary to offer some features that can be of interest for users to favor a wide adoption of the application. For this reason, CLOSER also introduces a privacy module that may arouse the users' interest and encourage them to switch to the new architectur

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Handling Confidential Data on the Untrusted Cloud: An Agent-based Approach

Cloud computing allows shared computer and storage facilities to be used by a multitude of clients. While cloud management is centralized, the information resides in the cloud and information sharing can be implemented via off-the-shelf techniques for multiuser databases. Users, however, are very diffident for not having full control over their sensitive data. Untrusted database-as-a-server techniques are neither readily extendable to the cloud environment nor easily understandable by non-technical users. To solve this problem, we present an approach where agents share reserved data in a secure manner by the use of simple grant-and-revoke permissions on shared data.Comment: 7 pages, 9 figures, Cloud Computing 201

Mobile recommender apps with privacy management for accessible and usable technologies

The paper presents the preliminary results of an ongoing survey of the use of computers and mobile devices, interest in recommender apps and knowledge and concerns about privacy issues amongst English and Italian speaking disabled people. Participants were found to be regular users of computers and mobile devices for a range of applications. They were interested in recommender apps for household items, computer software and apps that met their accessibility and other requirements. They showed greater concerns about controlling access to personal data of different types than this data being retained by the computer or mobile device. They were also willing to make tradeoffs to improve device performance

Towards defining semantic foundations for purpose-based privacy policies

We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model

A Framework for Aggregating Private and Public Web Archives

Personal and private Web archives are proliferating due to the increase in the tools to create them and the realization that Internet Archive and other public Web archives are unable to capture personalized (e.g., Facebook) and private (e.g., banking) Web pages. We introduce a framework to mitigate issues of aggregation in private, personal, and public Web archives without compromising potential sensitive information contained in private captures. We amend Memento syntax and semantics to allow TimeMap enrichment to account for additional attributes to be expressed inclusive of the requirements for dereferencing private Web archive captures. We provide a method to involve the user further in the negotiation of archival captures in dimensions beyond time. We introduce a model for archival querying precedence and short-circuiting, as needed when aggregating private and personal Web archive captures with those from public Web archives through Memento. Negotiation of this sort is novel to Web archiving and allows for the more seamless aggregation of various types of Web archives to convey a more accurate picture of the past Web.Comment: Preprint version of the ACM/IEEE Joint Conference on Digital Libraries (JCDL 2018) full paper, accessible at the DO

A secure, constraint-aware role-based access control interoperation framework

With the growing needs for and the benefits of sharing resources and information among different organizations, an interoperation framework that automatically integrates policies to facilitate such cross-domain sharing in a secure way is becoming increasingly important. To avoid security breaches, such policies must enforce the policy constraints of the individual domains. Such constraints may include temporal constraints that limit the times when the users can access the resources, and separation of duty (SoD) constraints. Existing interoperation solutions do not address such cross-domain temporal access control and SoDs requirements. In this paper, we propose a role-based framework to facilitate secure interoperation among multiple domains by ensuring the enforcement of temporal and SoD constraints of individual domains. To support interoperation, we do not modify the internal policies, as most of the current approaches do. We present experimental results to demonstrate our proposed framework is effective and easily realizable. © 2011 IEEE

A systematic literature review of cloud computing in eHealth

Cloud computing in eHealth is an emerging area for only few years. There needs to identify the state of the art and pinpoint challenges and possible directions for researchers and applications developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications