In the wake of the Facebook data breach scandal, users begin to realize how vulnerable their per-sonal data is and how blindly they trust the online social networks (OSNs) by giving them an inordinate amount of private data that touch on unlimited areas of their lives. In particular, stud-ies show that users sometimes reveal too much information or unintentionally release regretful messages, especially when they are careless, emotional, or unaware of privacy risks. Additionally, friends on social media platforms are also found to be adversarial and may leak one’s private in-formation. Threats from within users’ friend networks – insider threats by human or bots – may be more concerning because they are much less likely to be mitigated through existing solutions, e.g., the use of privacy settings. Therefore, we argue that the key component of privacy protection in social networks is protecting sensitive/private content, i.e. privacy as having the ability to control dissemination of information. A mechanism to automatically identify potentially sensitive/private posts and alert users before they are posted is urgently needed.

In this dissertation, we propose a context-aware, text-based quantitative model for private information assessment, namely PrivScore, which is expected to serve as the foundation of a privacy leakage alerting mechanism. We first solicit diverse opinions on the sensitiveness of private information from crowdsourcing workers, and examine the responses to discover a perceptual model behind the consensuses and disagreements. We then develop a computational scheme using deep neural networks to compute a context-free PrivScore (i.e., the “consensus” privacy score among average users). Finally, we integrate tweet histories, topic preferences and social contexts to generate a per-sonalized context-aware PrivScore. This privacy scoring mechanism could be employed to identify potentially-private messages and alert users to think again before posting them to OSNs. Such a mechanism could also benefit non-human users such as social media chatbots.​

Dynamic binary translation is the process of translating instruction code from one architecture to another while it executes, i.e., dynamically. As modern applications are becoming larger, more complex and more dynamic, the tools to manipulate these programs are also becoming increasingly complex. DynamoRIO is one such dynamic binary translation tool that targets the most common IA-32 (a.k.a. x86) architecture on the most popular operating systems - Windows and Linux. DynamoRIO includes applications ranging from program analysis and understanding to profiling, instrumentation, optimization, improving software security, and more. However, even considering all of these optimization techniques, DynamoRIO still has the limitations of performance and memory usage, which restrict deployment scalability. The goal of my thesis is to break down the various aspects which contribute to the overhead burden and evaluate which factors directly contribute to this overhead. This thesis will discuss all of these factors in further detail. If the process can be streamlined, this application will become more viable for widespread adoption in a variety of areas. We have used industry standard Mi benchmarks in order to evaluate in detail the amount and distribution of the overhead in DynamoRIO. Our statistics from the experiments show that DynamoRIO executes a large number of additional instructions when compared to the native execution of the application. Furthermore, these additional instructions are involved in building the basic blocks, linking, trace creation, and resolution of indirect branches, all of which in return contribute to the frequent exiting of the code cache. We will discuss in detail all of these overheads, show statistics of instructions for each overhead, and finally show the observations and analysis in this defense.

The Internet of Things is been a rapidly growing field that offers improved data collection, analysis and automation as solutions for everyday problems. A smart-city is one major example where these solutions can be applied to issues with urbanization. And while these solutions can help improve the quality of live of the citizens, there are always security & privacy risks. Data collected in a smart-city can infringe upon the privacy of users and reveal potentially harmful information. One example is a surveillance system in a smart city. Research shows that people are less likely to commit crimes if they are being watched. Video footage can also be used by law enforcement to track and stop criminals. But it can also be harmful if accessible to untrusted users. A malicious user who can gain access to a surveillance system can potentially use that information to harm others. There are researched methods that can be used to encrypt the video feed, but then it is only accessible to the system owner. Polls show that public opinion of surveillance systems is declining even if they provide increased security because of the lack of transparency in the system. Therefore, it is vital for the system to be able to do its intended purpose while also preserving privacy and holding malicious users accountable. 

To help resolve these issues with privacy & accountability and to allow for collaboration, we propose Corvus, an IoT surveillance system that targets smart communities. Corvus is a collaborative blockchain based surveillance system that uses context-based image captioning to anonymously describe events & people detected. These anonymous captions are stored on the immutable blockchain and are accessible by other users. If they find the description from another camera relevant to their own, they can request the raw video footage if necessary. This system supports collaboration between cameras from different networks, such as between two neighbors with their own private camera networks. This paper will explore the design of this system and how it can be used as a privacy-preserving, but translucent & accountable approach to smart-city surveillance. Our contributions include exploring a novel approach to anonymizing detected events and designing the surveillance system to be privacy-preserving and collaborative.