Collateral damage of Facebook third-party applications: a comprehensive study
Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues, as these friends are notified neither by the applications nor by Facebook and have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue for users’ privacy, we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge, this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.
Workload Interleaving with Performance Guarantees in Data Centers
In the era of global, large-scale data centers residing in clouds, many applications and users share the same pool of resources for the purposes of reducing energy and operating costs, and of improving availability and reliability. Along with the above benefits, resource sharing also introduces performance challenges: when multiple workloads access the same resources concurrently, contention may occur and introduce delays in the performance of individual workloads. Providing performance isolation to individual workloads needs effective management methodologies. The challenges of deriving effective management methodologies lie in finding accurate, robust, compact metrics and models to drive algorithms that can meet different performance objectives while achieving efficient utilization of resources. This dissertation proposes a set of methodologies aiming at solving the challenging performance isolation problem in workload interleaving in data centers, focusing on both storage components and computing components. At the storage node level, we focus on methodologies for better interleaving user traffic with background workloads, such as tasks for improving reliability, availability, and power savings. More specifically, a scheduling policy for background workload based on the statistical characteristics of the system busy periods and a methodology that quantitatively estimates the performance impact of power savings are developed. At the storage cluster level, we consider methodologies on how to efficiently conduct work consolidation and schedule asynchronous updates without violating user performance targets. More specifically, we develop a framework that can estimate beforehand the benefits and overheads of each option in order to automate the process of reaching intelligent consolidation decisions while achieving faster eventual consistency.
At the computing node level, we focus on improving workload interleaving at off-the-shelf servers, as they are the basic building blocks of large-scale data centers. We develop priority scheduling middleware that employs different policies to schedule background tasks based on the instantaneous resource requirements of the high-priority applications running on the server node. Finally, at the computing cluster level, we investigate popular computing frameworks for large-scale data-intensive distributed processing, such as MapReduce and its Hadoop implementation. We develop a new Hadoop scheduler called DyScale to exploit capabilities offered by heterogeneous cores in order to achieve a variety of performance objectives.
Discovering Anomalous Behaviors by Advanced Program Analysis Techniques
As soon as a technology starts to be used by the masses, it ends up as a target of investigation by bad guys who write malicious software with the sole and explicit intent to damage users and take control of their systems to perform different types of fraud. Malicious programs, in fact, are a serious threat to the security and privacy of billions of users. The bad guys are the main characters of this unstoppable threat, which improves as time goes by. At the beginning it was pure computer vandalism, which then turned into petty theft, followed by cybercrime, cyber espionage, and finally gray-market business. Cybercrime is a very dangerous threat which consists of, for instance, stealing bank account credentials, sending SMS messages to premium numbers, stealing sensitive user information, and using the resources of infected computers to run, e.g., spam businesses, DoS attacks, botnets, etc. The interest of cybercrime is to intentionally create malicious programs for its own, mostly lucrative, interest. Hence, because of their malicious activity, cybercriminals have every interest in not being detected during the attack and in developing programs that are ever more resilient against anti-malware solutions. As proof that this is a dangerous threat, the FBI reported a decline in physical crime and an increase in cybercrime. In order to deal with the increasing number of exploits found in legacy code and to detect malicious code which leverages every subtle hardware and software detail to escape from malware analysis tools, the security research community started to develop and improve various code analysis techniques (static, dynamic or both), with the aim of detecting the different forms of stealthy malware and identifying security bugs in legacy code. Despite the improvement of research solutions, the current ones are still inadequate to face new stealthy and mobile malware. Following this line of research, in this dissertation we present new program analysis techniques that aim to improve the analysis environment and deal with mobile malware. To perform malware analysis, behavior analysis is the prominent technique: the actions that a program performs during its real-time execution are collected to understand its behavior. Nevertheless, such techniques suffer from some limitations. State-of-the-art malware analysis solutions rely on emulated execution environments to prevent the host from getting infected, to quickly recover to a pristine state, and to easily collect process information. A drawback of these solutions is non-transparency: the execution environment does not faithfully emulate the physical end-user environment, which could lead to incomplete results. In fact, malicious programs could detect when they are monitored in such an environment and modify their behavior to mislead the analysis and avoid detection. By contrast, a faithful emulator would drastically reduce the chance of the analyzed malware detecting the analysis environment. To this end, we present EmuFuzzer, a novel testing methodology specific to CPU emulators, based on fuzzing, to verify whether the CPU is properly emulated or not. Another shortcoming concerns the stimulation of the analyzed application. It is not uncommon for an application to exhibit certain behaviors only when exercised with specific events (e.g., button click, text insertion, socket connection, etc.). This flaw is even exacerbated when analyzing mobile applications. To address this, we introduce CopperDroid, a program analysis tool built on top of QEMU to automatically perform out-of-the-box dynamic behavior analysis of Android malware. To this end, CopperDroid presents a unified analysis to characterize low-level OS-specific and high-level Android-specific behaviors.