New Techniques for Trustworthy Mobile Computing

Open Access
Author:
Chen, Xin
Graduate Program:
Computer Science and Engineering
Degree:
Doctor of Philosophy
Document Type:
Dissertation
Date of Defense:
October 16, 2015
Committee Members:
  • Sencun Zhu, Dissertation Advisor
  • Sencun Zhu, Committee Chair
  • Guohong Cao, Committee Member
  • Wang Chien Lee, Committee Member
  • Le Bao, Committee Member
Keywords:
  • Trust management
  • Tactical networks
  • Android security
  • Mobile privacy
  • Static taint analysis
Abstract:
Advances in wireless networking technology have engendered a new era of computing, called mobile computing, in which users carrying portable devices have access to shared networks regardless of their physical locations. This new computing paradigm provides users with seamless access to networked services and therefore revolutionizes the way computers are used. While more and more users enjoy the convenient networked services brought by mobile computing, its unique characteristics in communication channels (e.g., WiFi, GSM, Bluetooth, NFC, SMS), in hardware (e.g., PDAs, smartphones and wearable devices) and in software (e.g., Palm OS, Apple iOS, Google Android) have also raised many new concerns about trust, security and privacy. In this dissertation, we present our studies on two types of mobile networks: tactical networks and mobile phone networks. For tactical networks, we elaborate on our study of operational trust management and attack-resilient reputation management. Specifically, we first present Zigzag, a trust management scheme based on partial mutual revocation, which allows rapid impeachment of identified malicious nodes, and then propose GlobalTrust, an attack-resilient reputation system for tactical networks, which aims to optimize reputation assessment by identifying malicious nodes while providing consistency and resiliency. For mobile phone networks, we first present DroidLid, an automated functionality-aware privacy leakage analysis for Android applications. Prior approaches to detecting privacy leakage on smartphones primarily focused on the discovery of sensitive information flows but did not justify whether the leaked sensitive information flow is intended or not. In this study, we formulate it as a justification problem, which aims to justify the purpose of every sensitive information transmission in an app. We solve the justification problem by bridging the gap between sensitive information transmissions and application functions. Moreover, we propose SweetDroid, a calling-context-sensitive, fine-grained privacy policy enforcement framework for Android OS. Our policy enforcement framework is able to distinguish sensitive data requests at different calling contexts and to apply different policy rules automatically. The framework takes an important step towards applying the contextual integrity theory to mobile applications. The design, implementation, demonstration, and evaluation of the proposed studies are elaborated in the dissertation.