The Transitivity of Trust Problem in the Interaction of Android Applications
Mobile phones have developed into complex platforms with large numbers of
installed applications and a wide range of sensitive data. Application security
policies limit the permissions of each installed application. As applications
may interact, restricting single applications may create a false sense of
security for the end users while data may still leave the mobile phone through
other applications. Instead, the information flow needs to be policed for the
composite system of applications in a transparent and usable manner. In this
paper, we propose to employ static analysis based on the software architecture
and focused data flow analysis to scalably detect information flows between
components. Specifically, we aim to reveal transitivity of trust problems in
multi-component mobile platforms. We demonstrate the feasibility of our
approach with Android applications, although the generalization of the analysis
to similar composition-based architectures, such as Service-oriented
Architecture, can also be explored in the future.
Developing Predictive Molecular Maps of Human Disease through Community-based Modeling
The failure of biology to identify the molecular causes of disease has led to disappointment in the rate of development of new medicines. By combining the power of community-based modeling with broad access to large datasets on a platform that promotes reproducible analyses we can work towards more predictive molecular maps that can deliver better therapeutics.
Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems
Cloud native systems are processing large amounts of personal data through
numerous and possibly multi-paradigmatic data stores (e.g., relational and
non-relational databases). From a privacy engineering perspective, a core
challenge is to keep track of all exact locations, where personal data is being
stored, as required by regulatory frameworks such as the European General Data
Protection Regulation. In this paper, we present Teiresias, comprising i) a
workflow pattern for scalable discovery of personal data at rest, and ii) a
cloud native system architecture and open source prototype implementation of
said workflow pattern. To this end, we enable a continuous inventory of
personal data featuring transparency and accountability following
DevOps/DevPrivOps practices. In particular, we scope version-controlled
Infrastructure as Code definitions, cloud-based storages, and how to integrate
the process into CI/CD pipelines. Thereafter, we provide iii) a comparative
performance evaluation demonstrating both appropriate execution times for
real-world settings, and a promising personal data detection accuracy
outperforming existing proprietary tools in public clouds.
Comment: Preprint of 2022-09-09 before final copy-editing of an accepted
peer-reviewed paper to appear in the Proceedings of the 20th International
Conference on Service-Oriented Computing ICSOC 202