Mosco: a privacy-aware middleware for mobile social computing

The proliferation of mobile devices coupled with Internet access is generating a tremendous amount of highly personal and sensitive data. Applications such as location-based services and quantified self harness such data to bring meaningful context to users’ behavior. As social applications become prevalent, there is a trend for users to share their mobile data. The nature of online social networking poses new challenges for controlling access to private data, as compared to traditional enterprise systems. First, the user may have a large number of friends, each associated with a unique access policy. Second, the access control policies must be dynamic and fine-grained, i.e., they are content-based, as opposed to all-or-nothing. In this paper, we investigate the challenges in sharing mobile data in social applications. We design and evaluate a middleware running on Google App Engine, named Mosco, that manages and facilitates the sharing of mobile data in a privacy-preserving manner. We use Mosco to develop a location sharing application and a health monitoring application. Mosco helps shorten the development process. Finally, we perform benchmarking experiments with Mosco, the results of which indicate small overhead and high scalability.
