東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Principled Flow Tracking in IoT and Low-Level Applications.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Principled Flow Tracking in IoT and Low-Level Applications./
作者:	Bastys, Iulia.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2022,
面頁冊數:	334 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-11, Section: B.
Contained By:	Dissertations Abstracts International83-11B.
標題:	Language. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29101148
ISBN:	9798426885776

Principled Flow Tracking in IoT and Low-Level Applications.
Bastys, Iulia.

Principled Flow Tracking in IoT and Low-Level Applications. - Ann Arbor : ProQuest Dissertations & Theses, 2022 - 334 p.

Source: Dissertations Abstracts International, Volume: 83-11, Section: B.

Thesis (Ph.D.)--Chalmers Tekniska Hogskola (Sweden), 2022.

This item must not be sold to any third party vendors.

Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feed from social networks, or bank details.In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system. Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements.

ISBN: 9798426885776Subjects--Topical Terms:

643551
Language.

Principled Flow Tracking in IoT and Low-Level Applications.
LDR:02912nmm a2200325 4500 001 2352224
005 20221118093848.5
008 241004s2022 ||||||||||||||||| ||eng d
020 $a 9798426885776
035 $a (MiAaPQ)AAI29101148
035 $a (MiAaPQ)Chalmers_SE528209
035 $a AAI29101148
040 $a MiAaPQ $c MiAaPQ
100 1 $a Bastys, Iulia. $3 3691844
245 1 0 $a Principled Flow Tracking in IoT and Low-Level Applications.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2022
300 $a 334 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-11, Section: B.
500 $a Advisor: Sabelfeld, Andrei.
502 $a Thesis (Ph.D.)--Chalmers Tekniska Hogskola (Sweden), 2022.
506 $a This item must not be sold to any third party vendors.
520 $a Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feed from social networks, or bank details.In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system. Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements.
590 $a School code: 0419.
650 4 $a Language. $3 643551
650 4 $a Java. $3 517732
650 4 $a Privacy. $3 528582
650 4 $a Annotations. $3 3561780
650 4 $a Enforcement. $3 3564162
650 4 $a Access control. $3 1458437
650 4 $a Semantics. $3 520060
650 4 $a Computer science. $3 523869
650 4 $a Linguistics. $3 524476
690 $a 0679
690 $a 0984
690 $a 0290
710 2 $a Chalmers Tekniska Hogskola (Sweden). $3 1913472
773 0 $t Dissertations Abstracts International $g 83-11B.
790 $a 0419
791 $a Ph.D.
792 $a 2022
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29101148