per user policy enforcement on mobile apps through
play

Per-user Policy Enforcement on Mobile Apps through Network Functions - PowerPoint PPT Presentation

Jan 11, 2024 •364 likes •515 views

Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization Workshop on Mobility in the Evolving Internet Architecture Sep. 11, 2014, Maui, Hawaii, USA Yong Liao, Mario Baldi, Amedeo Sapio Gyan Ranjan, Alok Tongaonkar,

  1. Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization Workshop on Mobility in the Evolving Internet Architecture Sep. 11, 2014, Maui, Hawaii, USA Yong Liao, Mario Baldi, Amedeo Sapio Gyan Ranjan, Alok Tongaonkar, Fulvio Risso Ruben Torres, Antonio Nucci Politecnico di Torino Narus, Inc. Amedeo Sapio amedeo.sapio@polito.it

  2. Motivation Courtesy of SEN Technologies Amedeo Sapio amedeo.sapio@polito.it 2

  3. Motivation Amedeo Sapio amedeo.sapio@polito.it 3

  4. Motivation • Smartphones can collect a wide range of data • Different mobile apps have different vulnerabilities • Mobile apps traffic is largely undistinguishable from web traffic • Different mobile apps can use the same remote end-point • Use of encrypted connections by mobile apps is increasing • Different roles within an organization have different security clearances and necessities Amedeo Sapio amedeo.sapio@polito.it 4

  5. MAPPER Mobile Apps Personal Policy Enforcement Router • Network-based approach • Mobile apps aware policies • Device independent policies Bob’s Security • Per-user defined policies profile • Uniform protection among different APs • HTTPS support Bob’s Alice’s security security profile profile Amedeo Sapio amedeo.sapio@polito.it 5

  6. Mobile Application Identification Module App Flows profile XML summary MAI Features App Features Lookup Categorization Extraction Application Rule Metadata Categories (Identifiers) set Amedeo Sapio amedeo.sapio@polito.it 6

  7. FROG – Flexible and pROGrammable network node Dedicated lightweight VM for each user • Policy enforcement FROG node VM VM • Traffic segregation User 1 User 2 • Dynamic allocation Mobile App Network Filter monitor • Flexible policy definition Parental Firewall control Hypervisor Amedeo Sapio amedeo.sapio@polito.it 7

  8. MAPPER Architecture Network applications • Smart Wireless Access Point Marketplace • User dedicated lightweight VMs Content Filter Mobile app filter • Mobile Apps Identification engine Malware Firewall Detector • TLS proxy (MiMP) Parental MiMP bridge Network Control • Application content filtering Monitor MAPPER Mobile Application MiMP FROG Identification Module Management Server VM VM Mobile App User 1 User 2 Metadata Categorization Module Users & User Groups Classified policies VM Flows Parsed HTTP flows User 3 Permissions Rule App ID Mobility Classifier Engine Hypervisor Amedeo Sapio amedeo.sapio@polito.it 8

  9. MAPPER workflow Virtualization layer 1. IP redirection MAPPER User 2. TLS proxying GEX 1 PEX 4 3. Summary extraction 5 MAI Mobile App Filter 4. App Identification GEX 2 1 5. Policy consistency MiMP Bridge MiMP Server NIC 2 6. Policy enforcement 2 - 3 - 6 Hypervisor PEX : P ersonal EX ecution Environment NIC 1 GEX : G lobal EX ecution Environment MAI : M obile A pplication I dentification module Client MiMP : M an- i n-the- M iddle P roxy Amedeo Sapio amedeo.sapio@polito.it 9

  10. Evaluation – Single user Average throughput 500 requests for (MByte/s) 1 KB file Response time CDF ms Amedeo Sapio amedeo.sapio@polito.it 10

  11. Evaluation – Multi user Memory MB 500 online search queries Number of clients CPU RAM Throughput Response time 1 user 16.13% 3261 MB 104 Kb/s 778.8 ms 2 users 21.57% 3392 MB 102 Kb/s 751.6 ms Amedeo Sapio amedeo.sapio@polito.it 11

  12. Conclusions • MAPPER leverages Network Functions Virtualization for implementing fine-grained policies on mobile devices. • Policies can be designed according to:  Mobile apps  Categories  Devices • The system can easily scale to a large number of users exploiting load distribution and cloud computing. • Future studies will be directed towards performance improvements and additional functionalities. Amedeo Sapio amedeo.sapio@polito.it 12

  13. Questions? Amedeo Sapio amedeo.sapio@polito.it

  14. Thank you! Amedeo Sapio Gyan Ranjan amedeo.sapio@polito.it granjan@narus.com Fulvio Risso Alok Tongaonkar fulvio.risso@polito.it atongaonkar@narus.com Yong Liao Ruben Torres yliao@narus.com rtorres@narus.com Mario Baldi Antonio Nucci mbaldi@narus.com anucci@narus.com Amedeo Sapio amedeo.sapio@polito.it

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps Outcome : To determine the key benefits and uses of mobile apps inside and outside the classroom. To identify the main issues to be considered when

620 views • 14 slides
Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project discussions Native Apps Live on device Access to all device features GPS, accelerometer, compass, list of contacts Written for specific

654 views • 38 slides
Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge

Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge

Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge Computing Workshop, Helsinki, 28.7.2016 Markus Miettinen Technische Universitt Darmstadt 28.07.2016 | Fachbereich Informatik | Lehrstuhl

542 views • 30 slides
Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Phone: (248) 470-3257 Email: Linda@GoMobileMichigan.org Marketplace Twitter: twitter.com/GoMobileMI Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the Phone: (248)

611 views • 32 slides
Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in using

Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in using

Please remember to mute your speakers. VA Mobile Discussion Series For audio, please dial in using VANTS: 1-800-767-1750 pc: 32523# Thank you for joining. We will begin shortly. How We Deploy New VA Mobile Apps VA MOBILE SECURE APPS REQUIRE USER

1.11k views • 67 slides
Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015 2016/2017 New features in Adobe Mobile The Lott Mobile Apps are Tatts.com Mobile Apps Services are released to launched (Tatts.com

396 views • 24 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil Tregunno, MHRA WEB-RADR Consortium Mobile Apps Mobile technology Apps Launched Package under development for other MS by the end of the project

368 views • 17 slides
Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile apps CS 370 SE Practicum, Cengiz Gnay (Some slides courtesy of Eugene Agichtein and the Internets) CS 370, Gnay (Emory) Responsive Webapps &

1.21k views • 67 slides
Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team (iOS) Discover Pinterest Engineers Building Pinterests Mobile Apps Pinterest and mobile Launched iPhone app in 2011 Summer of Apps in

625 views • 36 slides
Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director & Co-Founder of MIMV Technology MOBILE APPS: Time for Introduction ! 2 App IS Millions of Apps are released in the App stores, hundreds are

664 views • 49 slides
mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is hard cellular performance matters to some apps most demanding apps multiplayer gaming VoIP video chat somewhat demanding web

806 views • 52 slides
WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO SimiCart.com| Magento in a mobile app Agenda - Opportunities to come - Hurdles to overcome - Build mobile apps. Without mobile coding - Q&A

570 views • 23 slides
Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January 2013, Sofia Dr Stavri Nikolov Digital Spaces Living Lab Founding Director stavri.nikolov@digitalspaces.info Digital Spaces Living Lab (DSLL) PLAYS

307 views • 29 slides
X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps Developer @ Polaris Industries; Ride Command Xamarin.Forms enthusiast DevOps hobbyist & machine learning beginner 4 year XCMD Blog:

607 views • 43 slides
Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile und Touch-Basierte Web Applikationen Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile phones ... No wait! Introduction Mobile Applications Apps Web Apps Facebook cnn.com Gmail Twitter

797 views • 53 slides
Early validation of level 1b using the NESDIS real-time system November 2001 AIRS science team

Early validation of level 1b using the NESDIS real-time system November 2001 AIRS science team

Early validation of level 1b using the NESDIS real-time system November 2001 AIRS science team meeting NOAA/NESDIS Mitch Goldberg Walter Wolf Lihang Zhou Yanni Qu Murty Divarkarla Topics Early validation of

549 views • 15 slides
On Selecting the Right Optimizations for Virtual Machine Migration Senthil Nathan N , Umesh

On Selecting the Right Optimizations for Virtual Machine Migration Senthil Nathan N , Umesh

On Selecting the Right Optimizations for Virtual Machine Migration Senthil Nathan N , Umesh Bellur, Purushottam Kulkarni Systems and Networks Group (SynerG) Department of Computer Science and Engineering Indian Institute of Technology Bombay

682 views • 27 slides
Precision targets for luminometry at the LHC from theoretical perspective V.A. Khoze ( IPPP,

Precision targets for luminometry at the LHC from theoretical perspective V.A. Khoze ( IPPP,

Precision targets for luminometry at the LHC from theoretical perspective V.A. Khoze ( IPPP, Durham ) (Manchester, St. Petersburg, Helsinki & Rockefeller) 1 11% 5% 1-2% 2011 ~ 3.4% (ATLAS) ~ 4% (CMS) 2 PLAN Introduction (10

1.26k views • 64 slides
ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship Philipp Winter 1 , Tobias

ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship Philipp Winter 1 , Tobias

ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship Philipp Winter 1 , Tobias Pulls 1 , and J urgen Fu 2 1 Karlstad University 2 FH Hagenberg November 4, 2013 Using Tor in China GFW actively probes bridges! . . . and

690 views • 24 slides
An Empirical Model of HTTP Network Traffic Bruce A. Mah bmah@ca.sandia.gov University of

An Empirical Model of HTTP Network Traffic Bruce A. Mah bmah@ca.sandia.gov University of

An Empirical Model of HTTP Network Traffic Bruce A. Mah bmah@ca.sandia.gov University of California at Berkeley and Sandia National Laboratories T Y O I F S R C E A V A L I I F N O U R L L E E I G H T

572 views • 15 slides
I T Security @ EC Challenges & Experiences Francisco Garca Morn Director General DG I

I T Security @ EC Challenges & Experiences Francisco Garca Morn Director General DG I

I T Security @ EC Challenges & Experiences Francisco Garca Morn Director General DG I nform atics European Com m ission Context What we do Experiences Policies 1. Context Economical recovery The 2020 Challenges Jobs,

714 views • 44 slides
Markov Jabberwocky: fesh , excenture , and the like John Kerl Department of Mathematics,

Markov Jabberwocky: fesh , excenture , and the like John Kerl Department of Mathematics,

Markov Jabberwocky: fesh , excenture , and the like John Kerl Department of Mathematics, University of Arizona August 26, 2009 J. Kerl (Arizona) Markov Jabberwocky: fesh , excenture , and the like August 26, 2009 1 / 18 Lewis Carrolls

1.41k views • 18 slides
XASM: A Cross-Enclave Composition Mechanism for Exascale System Software Noah Evans, Kevin

XASM: A Cross-Enclave Composition Mechanism for Exascale System Software Noah Evans, Kevin

XASM: A Cross-Enclave Composition Mechanism for Exascale System Software Noah Evans, Kevin Pedretti, Brian Kocoloski, John Lange, Michael Lang, Patrick G. Bridges nevans@sandia.gov 6/1/16 Sandia National Laboratories is a multi-program

647 views • 38 slides

More recommend