A Socially-Aware Operating System for Trustworthy Computing Daniela Oliveira 1 , Dhiraj Murthy 1 , Henric Johnson 2 , S. Felix Wu 3 , Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology 3 University of California at Davis IEEE Workshop on Semantics, Security and Privacy September 21, 2011
25
Embed
A Socially-Aware Operating System for Trustworthy Computing
A Socially-Aware Operating System for Trustworthy Computing. Daniela Oliveira 1 , Dhiraj Murthy 1 , Henric Johnson 2 , S. Felix Wu 3 , Roozbeh Nia 3 and Jeff Rowe 3 1 Bowdoin College 2 Blekinge Institute of Technology 3 University of California at Davis. - PowerPoint PPT Presentation
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A Socially-Aware Operating System for Trustworthy Computing
Daniela Oliveira1 , Dhiraj Murthy1, Henric Johnson2, S. Felix Wu3, Roozbeh Nia3 and Jeff Rowe3
1Bowdoin College2Blekinge Institute of Technology3University of California at Davis
IEEE Workshop on Semantics, Security and PrivacySeptember 21, 2011
Introduction
Limitations of Traditional Defense Solutions
The Challenge of Computing with Social Trust
The Socially-Aware OS
Applications, Benefits and Threats
Concluding Remarks
Outline
OSNs: rise in popularity; Malware landscape complex; Internet: social platform
◦ What can be trusted?
OSNs and the Malware Landscape
Internet
Based on social trust;
OS, architecture and applications should become socially-aware;
OSN users assign/have inferred trust values for friends and objects;
Continuum trusted-untrusted.
A Trustworthy Computing Paradigm
Distinguishing Benign x Malicious Signature, Behavior, Information-flow
models:◦ Automated, rigid and threat-specific.
Shift to Web-based computer paradigm:◦ Users accomplish most of their computing need
with browser.
What if we leverage social trust to distinguish a continuum of trusted/untrusted?
◦ Flexibility
◦ Diversity
◦ Stronger security policies
How can we think differently?
Signature-based◦ Defeated by code obfuscation, polymorphism,
metamorphism◦ Cannot prevent zero-day attacks
Behavior-based◦ Susceptible to false positives◦ Depends of relevant training data
Information flow-based◦ Usually assumes all data from the Internet as
untrusted: too restrictive
Traditional Defense Solutions
Unpredictability
Diversity
Continuum of trust/untrusted values
Human role
What is Missing?
In Sociology:◦ Essential commodity◦ Functional pre-requisite for society
Tool for making trustworthy decisions◦ Risk and uncertainty◦ An added bonus?
Computing with Social Trust◦ New research area
Social Trust
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
The Socially- Aware Framework
Operating systems manages:
◦ Processes;
◦ Memory;
◦ File systems;
◦ I/O devices;
◦ Social trust
The Socially- Aware Framework
The Socially-Aware OS
People user is connected to: email addresses
Objects: URLs, files, IP addresses, files; Privacy preserved: only sharable objects
User Trust Repository
20 Years of Linux: http://www.cnn.com/2011/TECH/gaming.gadgets/08/25/linux.20/index.html?hpt=hp_bn7