Abstract: Secure storage and management of data generated by the myriad of IoT devices present new challenges in the cloud era. How do we empower the user with ownership and fine-grained access control for IoT data without sacrificing performance or security? To address this challenge, we leverage the blockchain technology to bootstrap trust, for a
Abstract: Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security–critical, e.g., automotive electronics, medical devices, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be
Abstract: “A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them. The proof-of-concept exploit uses a low-cost transmitter to embed malicious
Abstract: Location data can be extremely useful to study commuting patterns and disruptions, as well as to predict real-time traffic volumes. At the same time, however, the fine-grained collection of user locations raises serious privacy concerns, as this can reveal sensitive information about the users, such as, life style, political and religious inclinations, or even
Abstract: Intel Software Guard Extension (SGX) is an extension to the x86 instruction set that enables an application to isolate code and data in a container, called enclave. SGX hardware protects the enclave code and data against a malicious operating system, hypervisor, and even low-level firmwares. In particular, the hardware protects the confidentiality of enclave
Abstract: Eye tracking devices have recently become increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to individuals, analyzing person’s gaze is particularly attractive for effortless biometric authentication. We build upon the fact that some eye movements can
Abstract: Current security systems such as Tor make use of cryptographic approaches to achieve their properties — however, common cryptographic approaches do not provide any guarantees of the code that has executed. Thanks to the commodity Intel SGX execution environment, which offers a remotely verifiable isolated execution environment called enclave, we can achieve strong security
Abstract End-users often struggle with security systems that are too difficult to use and not designed to fulfil the users’ needs. In the current age, disruptive technologies are proliferating rapidly and a plethora of devices is interconnected and exchanges data. This always-online paradigm poses significant challenges to users as the underlying information-sharing models are difficult
Abstract When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can
Abstract Different methods have been proposed to mine attribute-based access control (ABAC) rules from logs. However, in many scenarios these methods mine and validate overly permissive rules. We define a novel measure, reliability, that improves upon other standard measures like accuracy and entropy in quantifying how overly permissive a rule is. We build upon subgroup