Home
Resource
Data protection via virtual micro security perimeters
PDF
PDF format is widely accepted and good for printing.
Plug-in required
PDF-1(14.72 MB)
Citation & Export
View Usage Statistics
Staff View

Citation & Export
Hide

Simple citation

Salles-Loustau, Gabriel. Data protection via virtual micro security perimeters. Retrieved from https://doi.org/doi:10.7282/T3RB7827

Export

Click here for information about Citation Management Tools at Rutgers.

Statistics
Hide

Description

TitleData protection via virtual micro security perimeters
NameSalles-Loustau, Gabriel (author); Zonouz, Saman (chair); Rutgers University; School of Graduate Studies
Date Created2018
Other Date2018-05 (degree)
SubjectElectrical and Computer Engineering, Computer security, Data protection
Extent1 online resource (xi, 122 p. : ill.)
DescriptionMobile devices have become the platform of reference for data consumption. Between personal and work related usages, users entrust their mobile devices to handle data from different sources with different sensitivity. Unfortunately, mobile device platforms are not designed to accommodate these usages and fail to provide adequate security mechanisms to guaranty users data protection or even isolation across sources. This thesis focuses on client-oriented data protection solutions for embedded devices and more specifically smartphone-based operating systems. Three main aspects are explored. First, this thesis introduces the concept of virtual micro security perimeters, or in short data capsules, as a new primitive to track and protect user data on smartphone devices. Data capsules consist in a set of data associated to a specific provenance or to a specific device usage (e.g., work vs personal). Contrary to security through compartmentalization solutions that often provide an inflexible isolation for data or execution environments, capsules leverage information flow tracking techniques as a primitive to track and protect capsules data. This approach enables the use of any application the user might like to access data of different sensitivity while still providing strong data protection guaranties. We present an implementation and an evaluation of this approach through a prototype developed on top of the Android operating system. Second, we propose a new approach to detect sensor-based data flows via the inspection of numerical operations and their operands. This approach uses numerical operations computed values as a flow detection mechanism rather than labels or taints that are commonly used in information flow tracking systems. We evaluate our approach through the implementation of a prototype that run as a third-party application and that does not require any system changes. This solution generates a minimal computation and space overhead while not sacrificing the flow detection accuracy. Finally, we present a data protection solution for point-of-care devices that greatly reduce the trusted computing-based for data protection by using a hardware-based domain specific scrambling mechanism for point-of-care medical devices.
NotePh.D.
NoteIncludes bibliographical references
Noteby Gabriel Salles-Loustau
Genretheses, ETD doctoral
Persistent URLhttps://doi.org/doi:10.7282/T3RB7827
Languageeng
CollectionSchool of Graduate Studies Electronic Theses and Dissertations
Organization NameRutgers, The State University of New Jersey
RightsThe author owns the copyright to this work.
Version 8.5.5
Rutgers University Libraries - Copyright ©2024