About the Event
Data dissemination is the process of forwarding data among multiple parties. Protecting data during its dissemination requires deploying mechanisms that take into consideration the full data lifecycle (from data creation through their dissemination to partial or total destruction, known as evaporation or apoptosis, respectively).
We discuss Active Bundles, our solution for protecting sensitive data during their dissemination covering the entire data lifecycle. An Active Bundle is a container with a payload of sensitive data, metadata, and embedded virtual machine. We show how this solution can protect sensitive data from their disclosure to unauthorized parties.
A virtual machine (VM) is a critical element of the Active Bundle solution. The four promising approaches for implementing the active bundle's VM, still under investigation, include: (i) using trusted third party, (ii) using existing mobile agent protection solutions, (iii) using existing secure computing approaches, and (iv) using code obfuscation.
We address these approaches in turn. First, we sketch a simple implementation of an active bundle's virtual machine based on using trusted third parties. Second, Active Bundles with their virtual machines can be implemented using the mobile agent mechanism. We survey and evaluate qualitatively nine different solutions proposed for protecting confidentiality of mobile agents in cases when they provide output to visited malicious hosts (as Active Bundles do). Third, a mobile agent implementing Active Bundles is an autonomous application, that is, a set of programs communicating with each other in such a way that the application is able to self-govern and is independent in its decision making. We investigate solutions for protecting confidentiality of autonomous applications known in the literature as secure computing with encrypted data/functions. We investigate the possibility of having a secure autonomous sequential VM that simulates an encrypted autonomous application. Fourth, we sketch a new method for using secure computing for program obfuscation. It transforms the control flow graph of the original program to a complete directed graph, and couples the source program P with a padding program PP to obtain an obfuscated program OP that includes concurrent programs.
Dr. Leszek Lilien is an Assistant Professor of Computer Science at Western Michigan University, Kalamazoo, Michigan. He received Ph.D. and M.S. degrees in Computer Science from University of Pittsburgh, and his Master of Engineering degree in Electronics/Computer Engineering from Wroclaw University of Technology, Wroclaw, Poland.
Dr. Lilien’s research focuses on opportunistic capability utilization networks, a specialized kind of ad hoc networks; as well as on privacy (including protecting privacy in sensitive data dissemination), trust and security in pervasive and open computing systems. He has published to date over 50 refereed journal and conference papers, and six book chapters. Ph.D. students working with him have received a number of best paper and best poster awards.
Dr. Lilien serves on the editorial boards of five journals. He organized and chaired the International Workshops on Specialized Ad Hoc Networks and Systems (SAHNS 2007 and SAHNS 2009), held in conjunction with the IEEE International Conferences on Distributed Computing Systems (ICDCS 2007 and ICDCS 2009). He is a Senior Member of IEEE.