CAREER: A Holistic Context-based Approach for Security and Privacy in the Era of Ubiquitous Sensing and Computing

职业：无处不在的传感和计算时代的基于上下文的整体安全和隐私方法

• 批准号: 1943351
• 负责人: Murtuza Jadliwala
• 金额: $ 49.95万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-06-01 至 2025-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1943351&HistoricalAwards=false
• 关键词: CAREER; Holistic; Context; based; Approach

The phenomenal growth of ubiquitous sensing and computing devices such as smartphones, wearables and Internet-of-Things (IoT) enable exciting new applications that significantly improve the health, wellness, security and quality of life of our citizens. Sensors and actuators on-board these devices, however, can also be exploited to infer sensitive information about users or to compromise their safety and cyber security. Continued progress in sensor hardware, cloud and software (including, machine learning) technologies have caused new threats to emerge which current access control models and protection mechanisms are unable to address. One critical shortcoming of existing protection mechanisms is that they do not work across different types of sensors, applications and autonomous devices housing these sensors and applications. As applications on these devices operate in an isolated fashion, they are generally unaware of the holistic contextual information about users, often resulting in grave privacy threats. This project develops a new approach to expose and harness user context at multiple operational levels to protect against uncoordinated and unregulated sensing and actuation in mobile and IoT applications. The project's educational agenda is to develop a well-integrated and hands-on curriculum in mobile and IoT security and through community-focused educational summer camps, courses and training initiatives expose the curriculum to a diverse set of students and practitioners with varying skill-levels and backgrounds including San Antonio, TX area high school students, teachers, soldiers and veteransThe project plans to uncover new security and privacy risks in modern ubiquitous sensing and computing environments comprising of functionally heterogeneous and isolated sensors and applications and evaluate their feasibility in practical settings. To enable secure and privacy-preserving sensor access by applications, the project will design a novel framework that exposes and harnesses contextual information about users both at the device and network levels for achieving fine-grained and user-approved access control. The first design, called ConWare, will harness the exposed user context at the device level by defining user-approved access bindings between these contexts and the set of allowable sensing actions on that device within those contexts. The second design, called ConWareNet, will harness the exposed user context at the communication network level to regulate applications across an autonomous set of devices using similar user-approved bindings or policies. The project will also address the issue of preventing misuse of the exposed context and will design adaptation mechanisms for these frameworks to self-adjust in a dynamic sensing and actuation environment.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

无处不在的传感和计算设备（如智能手机、可穿戴设备和物联网（IoT））的惊人增长，使令人兴奋的新应用能够显著改善我们公民的健康、健康、安全和生活质量。然而，这些设备上的传感器和执行器也可以被利用来推断有关用户的敏感信息或危及他们的安全和网络安全。传感器硬件、云和软件（包括机器学习）技术的持续进步导致了新的威胁的出现，而当前的访问控制模型和保护机制无法解决这些问题。现有保护机制的一个关键缺点是它们不能跨不同类型的传感器、应用以及容纳这些传感器和应用的自主设备工作。由于这些设备上的应用程序以孤立的方式运行，它们通常不知道有关用户的整体上下文信息，这通常会导致严重的隐私威胁。该项目开发了一种新的方法，可以在多个操作层面上暴露和利用用户上下文，以防止移动的和物联网应用中不协调和不受管制的传感和驱动。该项目的教育议程是在移动的和物联网安全方面开发一个综合良好的实践课程，并通过以社区为中心的教育夏令营，课程和培训计划将课程展示给具有不同技能水平和背景的各种学生和从业人员，包括德克萨斯州圣安东尼奥地区的高中学生，教师，该项目计划揭示现代无处不在的传感和计算环境中新的安全和隐私风险，包括功能异构和隔离的传感器和应用程序，并评估其在实际环境中的可行性。为了使应用程序能够安全和保护隐私的传感器访问，该项目将设计一个新的框架，在设备和网络级别公开和利用有关用户的上下文信息，以实现细粒度和用户批准的访问控制。第一种设计称为ConWare，将通过定义这些上下文之间的用户批准的访问绑定以及这些上下文中该设备上的一组允许的感测动作，在设备级别利用暴露的用户上下文。第二种设计称为ConWareNet，将利用通信网络级别的暴露用户上下文，使用类似的用户批准的绑定或策略来管理一组自治设备上的应用程序。该项目还将解决防止滥用暴露背景的问题，并将为这些框架设计适应机制，以便在动态传感和驱动环境中进行自我调整。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SkinSense: Efficient vibration-based communications over human body using motion sensors

SkinSense：使用运动传感器在人体上进行基于振动的高效通信

• DOI: 10.1016/j.iot.2023.100835
• 发表时间: 2023
• 期刊: Internet of Things
• 影响因子: 5.9
• 作者: Wijewickrama, Raveen;Dohadwalla, Sameer Anis;Maiti, Anindya;Jadliwala, Murtuza;Narain, Sashank
• 通讯作者: Narain, Sashank

Background Buster: Peeking through Virtual Backgrounds in Online Video Calls

背景破坏者：浏览在线视频通话中的虚拟背景

• DOI: 10.1109/dsn53405.2022.00058
• 发表时间: 2022
• 期刊: 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN
• 作者: Sabra, Mohd;Maiti, Anindya;Jadliwala, Murtuza
• 通讯作者: Jadliwala, Murtuza

BayBFed: Bayesian Backdoor Defense for Federated Learning

• DOI: 10.1109/sp46215.2023.10179362
• 发表时间: 2023-01
• 期刊: 2023 IEEE Symposium on Security and Privacy (SP)
• 作者: Kavita Kumari;P. Rieger;H. Fereidooni;Murtuza Jadliwala;A. Sadeghi

Smart Light-Based Information Leakage Attacks

基于智能光的信息泄露攻击

• DOI: 10.1145/3417084.3417091
• 发表时间: 2020
• 期刊: GetMobile: Mobile Computing and Communications
• 作者: Maiti, Anindya;Jadliwala, Murtuza
• 通讯作者: Jadliwala, Murtuza

Acoustics to the Rescue: Physical Key Inference Attack Revisited

• 发表时间: 2021
• 作者: Soundarya Ramesh;Rui Xiao;Anindya Maiti;Jong Taek Lee;Harini Ramprasad;Ananda Kumar;Murtuza Jadliwala-Murtuza