Access control

The goal of our work is to (a) capture people's expectations and surprises in using mobile apps in a scalable manner, and to (b) summarize these perceptions in a simple format to help people make better trust decisions. Our main idea is analyzing privacy in the form of people's expectations about what an app will and won't do, focusing on where an app breaks people's expectations. We are building an App Scanner that combines automated scanning techniques with crowdsourcing.

Cloud computing offers many benefits to users, including increased availability and flexibility of resources, and efficiency of equipment. However, privacy concerns are becoming a major barrier to users transitioning to cloud computing. The privilege design of existing cloud platforms creates great challenges in ensuring the trustworthiness of cloud by granting too much power to the cloud administrators, who could launch serious insider attacks by abusing the administrative privileges.

Computers and people live in a world governed by policy. At the lowest level, policies determine how information flows within networks; at the highest level, they describe how users' personal information is shared across applications. Of course, end-users, as policy authors, make mistakes: rules can have unintended consequences and multiple policies can interact in ways that their authors didn't intend. Users can benefit from tools to help them understand the policies they write and maintain. Policy analysis refers to rigorous methods for detecting these situations before they cause harm.

The ubiquity of computing technology and the Internet have created an age of big data that has the potential to greatly enhance the efficiency of our societies and the well-being of all people. The trend comes with problems that threaten to prevent or undermine the benefits. An immediate concern is how to fuse, integrate and analyze data while respecting privacy, security and usage concerns. A second issue is allowing data to remain distributed, enabling its owners to maintain and control quality as well as to enforce security and privacy policies.

A fundamental but challenging issue in information security is secure sharing and management of sensitive data and information among numerous organizations that form large-scale e-enterprises. Today, an increasing number of enterprises are using the Internet for managing and sharing users? and enterprise information through online databases. However, security and privacy of data is an overriding concern currently limiting the proliferation of information technology.