Fadi Mohsen

Private and Anonymous Data Storage and Distribution in Cloud

Cloud storage systems have received extensive attention in recent years. Many individuals and business organizations are beginning to move their data to cloud environments. It becomes increasingly important to investigate secure file storage in cloud environments. In this paper, we present a secure distributed file distribution system in which the customers can directly choose appropriate design parameters and service providers. In our scheme, we use novel coding techniques that almost achieve the Shannon information bound with very efficient coding and decoding process. Our evaluations show the correctness and efficiency of the coding scheme. We show that the problem to find the satisfying file distribution under certain cost and security constraints is NP-hard, and present the Satisfiability Modulo Theories (SMT) formalization to find the satisfying data share distribution with cost and security constraints. The SMT formalization is flexible to be applied to other threshold based cloud file distribution system and can accommodate other constraints. We also analyse the security of the scheme by defining the security metric (compromising probability) for both the eavesdropping and DoS attackers and show that one must carefully choose design parameters to achieve the required security.

The Listening Patterns to System Events by Benign and Malicious Android Apps

Mobile applications have become an integral component of modern mobile operating systems. The usage pattern for these apps have increased tremendously the last ten years. At the same time, the security and privacy risks of these apps have also expanded in number and severity. In this paper, we spot the light on a critical component of Android mobile applications called Broadcast receivers. We focus on these receivers that are deliberately developed to listen to systems actions and events. The number of these actions has increased tremendously since the initial release of Android operating system. We showed that how such a component can pose serious privacy risks on users without their knowledge and awareness. We first illustrate a prototype of an attack that was possible due to the use of Broadcast receivers. We then show the results of analyzing a large dataset of malicious and benign Android applications in terms of their Broadcast receivers usages. Our prototype shows that with the use of Broadcast receivers the location privacy of users can be compromised, moreover, the dataset analysis results present that the usage of Broadcast receivers by malicious applications is remarkably higher than benign applications. Finally, we end with some conclusions and recommendations.