tkperm cross platform permission knowledge transfer to
play

TKPERM: Cross-platform Permission Knowledge Transfer to Detect - PowerPoint PPT Presentation

Jan 11, 2024 •22 likes •842 views

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan, Kaiming Cheng, Zhen Zhang, Yinzhi Cao, Yuan Tian Permission-based Access Control Android Chrome IFTTT 2

  1. TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan, Kaiming Cheng, Zhen Zhang, Yinzhi Cao, Yuan Tian

  2. Permission-based Access Control Android Chrome IFTTT 2

  3. Permission Correlation with Description Android App 3 UBER- https://play.google.com/store/apps/details?id=com.ubercab&hl=en_US

  4. Permission Correlation with Description Location Permission Android App Requested Permission 4 UBER- https://play.google.com/store/apps/details?id=com.ubercab&hl=en_US

  5. Permission Correlation with Description The app uses your location so your Location Permission driver knows where to pick you up. Android App Requested Permission Uber Description 5 UBER- https://play.google.com/store/apps/details?id=com.ubercab&hl=en_US

  6. Permission Correlation with Description The app uses your location so your Location Permission driver knows where to pick you up. Consistent Android App Requested Permission Uber Description 6 UBER- https://play.google.com/store/apps/details?id=com.ubercab&hl=en_US

  7. What is Overprivileged? GamingHub (Chrome Extension) 7 GamingHub- https://chrome.google.com/webstore/detail/gaminghub/eafoaklfmpnpdecnhhaailihkdbhkgin

  8. What is Overprivileged? GamingHub Location Permission (Chrome Extension) Requested Permission 8 GamingHub- https://chrome.google.com/webstore/detail/gaminghub/eafoaklfmpnpdecnhhaailihkdbhkgin

  9. What is Overprivileged? Primary Features: 1. Quick & Easy Access to popular web games 2. Minimalist & Elegant Design 3. Hand Picked High Quality GamingHub Wallpapers that change according Location Permission (Chrome Extension) to mood 4. New & Exciting ways for accessing Online Content 5. Let us know what you'd like, more to come soon! Requested Permission GamingHub Description 9 GamingHub- https://chrome.google.com/webstore/detail/gaminghub/eafoaklfmpnpdecnhhaailihkdbhkgin

  10. What is Overprivileged? No Explanation for the GamingHub Usage of Location Location Permission (Chrome Extension) Permission No Match Requested Permission GamingHub Description 10 GamingHub- https://chrome.google.com/webstore/detail/gaminghub/eafoaklfmpnpdecnhhaailihkdbhkgin

  11. Challenges 11 Taken from: https://iot-analytics.com/iot-platform-companies-landscape-2020/

  12. Challenges Extensive data labeling and parameter tuning on new platforms Some platforms have limited data 12 Taken from: https://iot-analytics.com/iot-platform-companies-landscape-2020/

  13. Key Insights Permission Knowledge Location Android App Chrome App 13

  14. Solution- Transfer Learning 14

  15. Goal General framework to detect unexpected permissions 15

  16. Research Questions 1. What knowledge to transfer? (e.g., what original domain should we select, what permissions in Android should we use)? 2. How to minimize the amount of labeled data needed? 16

  17. System Overview of TKPERM Source Platform Read Contacts Access Coarse Location Access Fine Location ………. Camera 17

  18. System Overview of TKPERM Source Platform Read Contacts Access Coarse Location 1 Access Fine Location Domain ………. Selection Camera 18

  19. System Overview of TKPERM Source Platform Read Contacts Source Model Training Access 2 Coarse Location 1 Access Fine Location Domain ………. Selection Camera 19

  20. System Overview of TKPERM 3 Source Platform Read Contacts Source Model Source Model Training Access 2 Coarse Location 1 Access Fine Location Domain ………. Selection Camera 20

  21. System Overview of TKPERM 3 Target Platforms Source Platform Chrome Read Contacts Source Model Geolocation Source Model Training Access Chrome Proxy 2 Coarse Location 1 Chrome Content Access Settings Fine Location Domain ………. ………. Selection SmartThings Camera Switch 21

  22. System Overview of TKPERM 3 Target Platforms Source Platform + 4 5 Chrome Read Contacts Source Model Geolocation Source Model Training Access Chrome Proxy 2 Coarse Location Data Selection 1 Chrome Content Access Settings Fine Location Domain ………. ………. Selection SmartThings Camera Switch 22

  23. System Overview of TKPERM 3 Target Platforms Source Platform + 4 5 Chrome Read Contacts Source Model Geolocation Source Model Training Access Chrome Proxy 2 Coarse Location Data Selection + 7 6 1 Chrome Content Access Settings Fine Location Domain ………. ………. Selection SmartThings Camera Target Model Switch Training 23

  24. System Overview of TKPERM 3 Target Platforms Source Platform + 4 5 Chrome Read Contacts Source Model Geolocation Source Model Training Access Chrome Proxy 2 Coarse Location Data Selection + 7 6 1 Chrome Content Access Settings Fine Location 8 Domain ………. ………. Selection SmartThings Camera Target Model Switch Target Model Training 24

  25. System Overview of TKPERM 3 Target Platforms Source Platform + 4 5 Chrome Read Contacts Source Model Geolocation Source Model Training Access Chrome Proxy 2 Coarse Location Data Selection + 7 6 1 Chrome Content Access Settings Fine Location 8 Domain ………. ………. Selection SmartThings Camera Target Model Switch Target Model Training 25

  26. Domain Selection Research Question: What knowledge to transfer? Greedy Selection Approach Compute and aggregate source domain(s) performs 26

  27. Domain Selection Research Question: What knowledge to transfer? Greedy Selection Approach Compute and Remove source aggregate source domain(s) which domain(s) work worst performs 27

  28. Domain Selection Research Question: What knowledge to transfer? Greedy Selection Approach Compute and Find the best Remove source aggregate source combination of domain(s) which domain(s) the source work worst performs domain(s) 28

  29. Domain Selection Greedy Selection Approach Compute and Find the best Remove source aggregate source combination of domain(s) which domain(s) the source work worst performs domain(s) Research Question: What knowledge to transfer? 29

  30. Data Selection Research Question: How to minimize the amount of labeled data needed? Use source model to rank the unlabeled document 30

  31. Data Selection Research Question: How to minimize the amount of labeled data needed? Use source Pick the top 20 model to rank documents from the unlabeled the target document domain 31

  32. Data Selection Research Question: How to minimize the amount of labeled data needed? Use source Pick the top 20 Ask human model to rank documents from annotator to the unlabeled the target label data document domain 32

  33. Data Selection Use source Pick the top 20 Ask human model to rank documents from annotator to the unlabeled the target label data document domain Research Question: How to minimize the amount of labeled data needed? 33

  34. Dataset 36,193 Sentences 4,705 Sentences Android Chrome SmartThings IFTTT 292 666 Sentences Sentences 34 Available at: https://drive.google.com/drive/u/1/folders/1Yfnz-ZpBpL8lftYIdM6JtH-QKE88NcSX

  35. Dataset 36,193 Sentences 4,705 Sentences Android Chrome SmartThings IFTTT 292 666 Sentences Sentences AUTOCOG 35 AutoCog: Measuring the Description-to-permission Fidelity in Android Applications, Qu et al. (CCS 2014)

  36. Evaluation Question 1. What is the end-to-end performance of TKPERM? Question 2. What is the performance of each component in TKPERM? Question 3. What is the computation overhead of TKPERM? 36

  37. Evaluation Question 1. What is the end-to-end performance of TKPERM? Question 2. What is the performance of each component Effectiveness in TKPERM? Question 3. What is the computation overhead of TKPERM? 37

  38. Evaluation (Effectiveness) Source Domain Selection : H-divergence v/s Greedy Selection in IFTTT Platform Target Domain Source Selection Source Domain(s) F1 Evernote H-Divergence Read Calendar 75.86% Greedy Selection Coarse Location + Fine Location + Camera 83.13% BMW Lab H-Divergence Read Contact 92.30% Greedy Selection Send SMS + Record Audio 95.24% Facebook H-Divergence Read Calendar 76.09% Greedy Selection Camera 88.09% Google Calendar H-Divergence Read Calendar 91.30% Greedy Selection Read Calendar + Coarse Location 92.30% Google Contact H-Divergence Read Contacts 99.20% Greedy Selection Read Contacts 99.20% 38

  39. Evaluation (Effectiveness) Source Domain Selection : H-divergence v/s Greedy Selection in IFTTT Platform Target Domain Source Selection Source Domain(s) F1 Evernote H-Divergence Read Calendar 75.86% Greedy Selection Coarse Location + Fine Location + Camera 83.13% BMW Lab H-Divergence Read Contact 92.30% Greedy Selection Send SMS + Record Audio 95.24% Facebook H-Divergence Read Calendar 76.09% Greedy Selection Camera 88.09% Google Calendar H-Divergence Read Calendar 91.30% Greedy Selection Read Calendar + Coarse Location 92.30% Google Contact H-Divergence Read Contacts 99.20% Greedy Selection Read Contacts 99.20% 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan and Kaiming Cheng (University of Virginia); Zhen Zhang and Yinzhi Cao (Johns Hopkins University); Yuan Tian (University

598 views • 24 slides
TkDND: a cross-platform dragndrop package Georgios Petasis Software and Knowledge

TkDND: a cross-platform dragndrop package Georgios Petasis Software and Knowledge

TkDND: a cross-platform dragndrop package Georgios Petasis Software and Knowledge Engineering Laboratory, Institute of Informatics and Telecommunications, National Centre for Scientific Research Demokritos, Athens, Greece

620 views • 18 slides
KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views • 26 slides
Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS

Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS

Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS Somerset ,New Jersey Technology Transfer or Knowledge Transfer? Lets set a time frame for our discussion. Assume the last ten years! Rationale

521 views • 33 slides
Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web Web WebGL Socket Worker Optimized Parallel Hardware Communication Acceleration Processing Channel Web Workers JaHOVA OS Internal APIs

957 views • 38 slides
Cross-platform reversing with Frida Ole Andr Vadla Ravns Cross-platform reversing with Frida

Cross-platform reversing with Frida Ole Andr Vadla Ravns Cross-platform reversing with Frida

Cross-platform reversing with Frida Ole Andr Vadla Ravns Cross-platform reversing with Frida Motivation Existing tools often not a good fit for the task at hand Creating a new tool usually takes too much effort Short feedback

1.17k views • 37 slides
Knowledge Transfer Across Industries Pumps and Pipes Conference, Sola Strand Hotell, 17 October

Knowledge Transfer Across Industries Pumps and Pipes Conference, Sola Strand Hotell, 17 October

HILDA B LYNG, PHD STUDENT, UNIVERSITY OF STAVANGER Making Your Knowledge Mine; Knowledge Transfer Across Industries Pumps and Pipes Conference, Sola Strand Hotell, 17 October 2018 17.10.2018 The potential of cross-industry innovation

388 views • 25 slides
Knowledge Transfer Using Latent Variable Models Ayan Acharya UT Austin, Department of ECE July

Knowledge Transfer Using Latent Variable Models Ayan Acharya UT Austin, Department of ECE July

Background Concurrent Knowledge Transfer Continual Knowledge Transfer Conclusion Backup Knowledge Transfer Using Latent Variable Models Ayan Acharya UT Austin, Department of ECE July 21, 2015 Background Concurrent Knowledge Transfer

1.28k views • 58 slides
Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces

Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces

Building Consistent Cross-Platform Interfaces Building Consistent Cross-Platform Interfaces https:/ /bit.ly/ato2018-cross-platform https:/ /bit.ly/ato2018-cross-platform-pdf @dbanksdesign #AllThingsOpen Consistent experiences help users

1k views • 46 slides
PD3: Better Cross-Lingual Transfer By Combining Direct Transfer and Annotation Projection Steffen

PD3: Better Cross-Lingual Transfer By Combining Direct Transfer and Annotation Projection Steffen

PD3: Better Cross-Lingual Transfer By Combining Direct Transfer and Annotation Projection Steffen Ege r* , Andreas Rckle, Iryna Gurevych 27.03.2018 | Fachbereich Informatik | UKP Lab 1 Argumentation Mining Fast-growing research field

402 views • 26 slides
P r N e o s e 2 F n 0 @ r t 1 i 7 a l t l i s o n Knowledge Transfer:

P r N e o s e 2 F n 0 @ r t 1 i 7 a l t l i s o n Knowledge Transfer:

P r N e o s e 2 F n 0 @ r t 1 i 7 a l t l i s o n Knowledge Transfer: Needs to be improved AVETRA 2013 Naming and claiming a research culture in Victorian TAFE Denise Stevens, VET Development Centre, Victoria Pam

872 views • 15 slides
Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018

Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018

Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018 KM_MD_A_0015_ST Introduction This presentation provides an overview of how a knowledge transfer specialist can work with a department or team to

580 views • 8 slides
Knowledge Transfer Goals A National Science Foundation Science and Technology Center

Knowledge Transfer Goals A National Science Foundation Science and Technology Center

Knowledge Transfer Goals A National Science Foundation Science and Technology Center Knowledge transfer is critical to the growth of the Center and to maximize the scientific and societal impact Support the sharing of data, knowledge,

498 views • 11 slides
A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer

A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer

NORDUnet Nordic I nfrastructure for Research & Education A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer Workshops Training the community in new networking technologies Jerry Sobieski

660 views • 30 slides
European Network for the Advancement of Clinical Gene Transfer and Therapy Adenovirus platform

European Network for the Advancement of Clinical Gene Transfer and Therapy Adenovirus platform

E DITION NOV 2009 Sixth Framework programme EC-DG research LSHB-CT-2006-018933 European Network for the Advancement of Clinical Gene Transfer and Therapy Adenovirus platform Non viral AAV methods platform platform CLINIGENE Retrovirus

359 views • 8 slides
Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is

Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is

7/2/2019 Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is the process by which technology is disseminated. It involves communication of relevant knowledge by the Transferor to the Recipient.

224 views • 11 slides
A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse

A Non-Inclusive Memory Permissions Architecture for Protection Against Cross-Layer Attacks Jesse Elwell 1 Ryan Riley 2 Nael Abu-Ghazaleh 1 Dmitry Ponomarev 1 1 State University of New York at Binghamton Department of Computer Science 2 Qatar

872 views • 76 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009 Regions and Permissions for Data Invariants 1 / 1 Motivation preservation of data invariants in pointer programs ownership system of Spec#

301 views • 29 slides
Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability Tiancong Wang, Sakthikumaran Sambasivam, James Tuck twang14@ncsu.edu or jtuck@ncsu.edu 1 NVM Programming 2 NVM Programming

1.67k views • 98 slides
PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and

PRIVACY AND MOBILE DEVICES Elizabeth Schlieper Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as Lab study with 20 participants and a Mturk survey with 366 part of the app decision- participants making

473 views • 16 slides
This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting Revoking Views Database Systems SQL Insertion Attacks Michael Pound Further Reading The Manga Guide to Databases, Chapter 5 Database

285 views • 7 slides
Real-time Access Control Reconfiguration By Ashish Gehani and Gershon Kedem Department of

Real-time Access Control Reconfiguration By Ashish Gehani and Gershon Kedem Department of

Real-time Access Control Reconfiguration By Ashish Gehani and Gershon Kedem Department of Computer Science, Duke University Introduction Internet growth Increasingly frequent attacks Heterogenous deployed software More

585 views • 15 slides
Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free

Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free

Agenda Virtual Memory Final Review Assembly Calling Conventions Malloc/Free Caching Questions, Evaluations Virtual Memory Used for 3 things Efficient use of main memory (RAM) Use RAM as cache for parts of

499 views • 18 slides

More recommend