Prajit Kumar Das

Demo: FaceBlock: privacy-aware pictures for google glass

Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services

CyberTwitter: using Twitter to generate alerts for cybersecurity threats and vulnerabilities

In order to secure vital personal and organizational system we require timely intelligence on cybersecurity threats and vulnerabilities. Intelligence about these threats is generally available in both overt and covert sources like the National Vulnerability Database, CERT alerts, blog posts, social media, and dark web resources. Intelligence updates about cybersecurity can be viewed as temporal events that a security analyst must keep up with so as to secure a computer system. We describe CyberTwitter, a system to discover and analyze cybersecurity intelligence on Twitter and serve as a OSINT (Open-source intelligence) source. We analyze real time information updates, in form of tweets, to extract intelligence about various possible threats. We use the Semantic Web RDF to represent the intelligence gathered and SWRL rules to reason over extracted intelligence to issue alerts for security analysts.

App behavioral analysis using system calls

System calls provide an interface to the services made available by an operating system. As a result, any functionality provided by a software application eventually reduces to a set of fixed system calls. Since system calls have been used in literature, to analyze program behavior we made an assumption that analyzing the patterns in calls made by a mobile application would provide us insight into its behavior. In this paper, we present our preliminary study conducted with 534 mobile applications and the system calls made by them. Due to a rising trend of mobile applications providing multiple functionalities, our study concluded, mapping system calls to functional behavior of a mobile application was not straightforward. We use Weka tool with manually annotated application behavior classes and system call features in our experiments, to show that using such features achieves mediocre F1-measure at best. Thus leading to the conclusion that system calls were not sufficient features for mobile application behavior classification.

ACM HotMobile 2013 poster: an energy efficient semantic context model for managing privacy on smartphones

We describe a method to carry out energy efficient privacy preservation on a mobile smartphone. Our work is based on a study of an Android smartphones component-wise energy consumption pattern and is based on a three-fold approach to ensure efficient execution of privacy policies, based on user and app context modeled using semantic web technologies.

Capturing Policies for Fine-Grained Access Control on Mobile Devices

As of 2016, there are more mobile devices than humans on earth. Today, mobile devices are a critical part of our lives and often hold sensitive corporate and personal data. As a result, they are a lucrative target for attackers, and managing data privacy and security on mobile devices has become a vital issue. Existing access control mechanisms in most devices are restrictive and inadequate. They do not take into account the context of a device and its user when making decisions. In many cases, the access granted to a subject should change based on the context of a device. Such fine-grained, context-sensitive access control policies have to be personalized too. In this paper, we present a system i.e. Mithril that uses policies represented in Semantic Web technologies and captured using user feedback, to handle access control on mobile devices. We present an iterative feedback process to capture user specific policy. We also present a policy violation metric that allows us to decide when the capture process is complete.