Navigating MazeMap: indoor human mobility, spatio-logical ties and future potential

Global navigation systems and location-based services have found their way into our daily lives. Recently, indoor positioning techniques have also been proposed, and there are several live or trial systems already operating. In this paper, we present insights from MazeMap, the first live indoor/outdoor positioning and navigation system deployed at a large university campus in Norway. Our main contribution is a measurement case study; we show the spatial and temporal distribution of MazeMap geo-location and wayfinding requests, construct the aggregated human mobility map of the campus and find strong logical ties between different locations. On one hand, our findings are specific to the venue; on the other hand, the nature of available data and insights coupled with our discussion on potential usage scenarios for indoor positioning and location-based services predict a successful future for these systems and applications.Comment: 6 pages, accepted at PerMoby Workshop at IEEE PerCom 201

The Price of Privacy in Collaborative Learning

Machine learning algorithms have reached mainstream status and are widely deployed in many applications. The accuracy of such algorithms depends significantly on the size of the underlying training dataset; in reality a small or medium sized organization often does not have enough data to train a reasonably accurate model. For such organizations, a realistic solution is to train machine learning models based on a joint dataset (which is a union of the individual ones). Unfortunately, privacy concerns prevent them from straightforwardly doing so. While a number of privacy-preserving solutions exist for collaborating organizations to securely aggregate the parameters in the process of training the models, we are not aware of any work that provides a rational framework for the participants to precisely balance the privacy loss and accuracy gain in their collaboration. In this paper, we model the collaborative training process as a two-player game where each player aims to achieve higher accuracy while preserving the privacy of its own dataset. We introduce the notion of Price of Privacy, a novel approach for measuring the impact of privacy protection on the accuracy in the proposed framework. Furthermore, we develop a game-theoretical model for different player types, and then either find or prove the existence of a Nash Equilibrium with regard to the strength of privacy protection for each player

Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services

Sharing Economy (SE) systems use technologies to enable sharing of physical assets and services among individuals. This allows optimisation of resources, thus contributing to the re-use principle of Circular Economy. In this paper, we assess existing SE services and identify their challenges in areas that are not technically connected to their core functionality but are essential in creating trust: information security and privacy, personal data protection and fair economic incentives. Existing frameworks for elicitation of non-functional requirements are heterogeneous in their focus and domain specific. Hence, we propose to develop a holistic methodology for non-functional requirements specification for SE systems following a top-down-top approach. A holistic methodology considering non-functional requirements is essential and can assist in the analysis and design of SE systems in a systematic and unified way applied from the early stages of the system development

SafeLib: a practical library for outsourcing stateful network functions securely

A recent trend is to outsource virtual network functions (VNFs) to a third-party service provider, such as a public cloud. Since the cloud is usually not trusted, redirecting enterprise traffic to such an entity introduces security concerns. In addition to protecting enterprise traffic, it is also desirable to protect VNF code, policies and states. Existing outsourcing solutions fall short in either supporting stateful VNFs, catering for all security requirements, or providing adequate performance.In this paper we present SafeLib, a trusted hardware based outsourcing solution built on Intel SGX. SafeLib provides i) support for stateful VNFs, ii) support for illegal SGX instructions by integrating Graphene-SGX, iii) protection of both packet headers and payload for enterprise user traffic, VNF policies and VNF code, and iv) integration of libVNF for streamlined VNF development. Our performance evaluation shows that SafeLib scales properly for multiple cores, and introduces a reasonable performance overhead. We also outline plans to further improve SafeLib to satisfy even more stringent functional, security and performance requirements

Towards protected VNFs for multi-operator service delivery

Value-added 5G verticals are foreseen to be delivered as a service chain over multiple network operators with extensive outsourcing of Virtual Network Functions (VNFs). In this short paper we introduce the initial design of SafeLib, a software middlebox platform based on Intel SGX, which protects user traffic, VNF code, policy input and state in such scenarios, while also retaining high performance. Augmenting the smart integration of existing hardware and software building blocks with new secure elements, the SafeLib architecture shows considerable promise in a carrier-grade service context

Securing Outsourced VNFs: Challenges, State of the Art, and Future Directions

It is becoming increasingly common for enterprises to outsource network functions to a third party provider such as a public cloud. Besides its well documented benefits in cost and flexibility, outsourcing also introduces security issues. Peeking into or modifying traffic destined to the cloud are not the only threats we have to deal with; it can also be desirable to protect VNF code, input policies, and states from a malicious cloud provider. In recent years several solutions have been proposed toward mitigating the threats of outsourcing VNFs, using either cryptographic or trusted hardware- based mechanisms (the latter typically applying SGX). In this article, we provide an overview of methods for protecting the security of outsourced network functions. We introduce the challenges and emerging requirements, analyze the state of the art, and identify the gaps between the requirements and existing solutions. Furthermore, we outline a potential way to fill these gaps in order to devise a more complete solution