Visible to the public Biblio

Found 548 results

Filters: First Letter Of Last Name is B  [Clear All Filters]
A [B] C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
B M, Chandrakala, Linga Reddy, S C.  2019.  Proxy Re-Encryption using MLBC (Modified Lattice Based Cryptography). 2019 International Conference on Recent Advances in Energy-efficient Computing and Communication (ICRAECC). :1—5.
In last few years, Proxy Re-Encryption has been used for forwarding the encrypted message to the user, these users are the one who has not been a part of encryption. In the past several scheme were developed in order to provide the efficient and secure proxy re-encryption. However, these methodology mainly focused on features like maximum key privacy, minimal trust proxy and others. In such cases the efficiency and security was mainly ignored. Hence, in order to provide the efficient and secure proxy re-encryption, we proposed an algorithm named as MLBC (Modified Lattice Based Cryptography) is proposed. Our method is based on the PKE (Public Key Encryption) and it provides more efficiency when compared to the other cryptography technique. Later in order to evaluate the algorithm simulation is done based on several parameter such as encryption time, proxy key generation time, Re-encryption time and Total computation time. Later, it is compared with the existing algorithm and the plotted graph clearly shows that our algorithm outperforms the existing algorithm.
B. Boyadjis, C. Bergeron, S. Lecomte.  2015.  "Auto-synchronized selective encryption of video contents for an improved transmission robustness over error-prone channels". 2015 IEEE International Conference on Image Processing (ICIP). :2969-2973.

Selective encryption designates a technique that aims at scrambling a message content while preserving its syntax. Such an approach allows encryption to be transparent towards middle-box and/or end user devices, and to easily fit within existing pipelines. In this paper, we propose to apply this property to a real-time diffusion scenario - or broadcast - over a RTP session. The main challenge of such problematic is the preservation of the synchronization between encryption and decryption. Our solution is based on the Advanced Encryption Standard in counter mode which has been modified to fit our auto-synchronization requirement. Setting up the proposed synchronization scheme does not induce any latency, and requires no additional bandwidth in the RTP session (no additional information is sent). Moreover, its parallel structure allows to start decryption on any given frame of the video while leaving a lot of room for further optimization purposes.

B. C. M. Cappers, J. J. van Wijk.  2015.  "SNAPS: Semantic network traffic analysis through projection and selection". 2015 IEEE Symposium on Visualization for Cyber Security (VizSec). :1-8.

Most network traffic analysis applications are designed to discover malicious activity by only relying on high-level flow-based message properties. However, to detect security breaches that are specifically designed to target one network (e.g., Advanced Persistent Threats), deep packet inspection and anomaly detection are indispensible. In this paper, we focus on how we can support experts in discovering whether anomalies at message level imply a security risk at network level. In SNAPS (Semantic Network traffic Analysis through Projection and Selection), we provide a bottom-up pixel-oriented approach for network traffic analysis where the expert starts with low-level anomalies and iteratively gains insight in higher level events through the creation of multiple selections of interest in parallel. The tight integration between visualization and machine learning enables the expert to iteratively refine anomaly scores, making the approach suitable for both post-traffic analysis and online monitoring tasks. To illustrate the effectiveness of this approach, we present example explorations on two real-world data sets for the detection and understanding of potential Advanced Persistent Threats in progress.

B. Gu, Y. Fang, P. Jia, L. Liu, L. Zhang, M. Wang.  2015.  "A New Static Detection Method of Malicious Document Based on Wavelet Package Analysis". 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP). :333-336.

More and more advanced persistent threat attacks has happened since 2009. This kind of attacks usually use more than one zero-day exploit to achieve its goal. Most of the times, the target computer will execute malicious program after the user open an infected compound document. The original detection method becomes inefficient as the attackers using a zero-day exploit to structure these compound documents. Inspired by the detection method based on structural entropy, we apply wavelet analysis to malicious document detection system. In our research, we use wavelet analysis to extract features from the raw data. These features will be used todetect whether the compound document was embed malicious code.

B. Yang, E. Martiri.  2015.  "Using Honey Templates to Augment Hash Based Biometric Template Protection". 2015 IEEE 39th Annual Computer Software and Applications Conference. 3:312-316.

Hash based biometric template protection schemes (BTPS), such as fuzzy commitment, fuzzy vault, and secure sketch, address the privacy leakage concern on the plain biometric template storage in a database through using cryptographic hash calculation for template verification. However, cryptographic hashes have only computational security whose being cracked shall leak the biometric feature in these BTPS; and furthermore, existing BTPS are rarely able to detect during a verification process whether a probe template has been leaked from the database or not (i.e., being used by an imposter or a genuine user). In this paper we tailor the "honeywords" idea, which was proposed to detect the hashed password cracking, to enable the detectability of biometric template database leakage. However, unlike passwords, biometric features encoded in a template cannot be renewed after being cracked and thus not straightforwardly able to be protected by the honeyword idea. To enable the honeyword idea on biometrics, diversifiability (and thus renewability) is required on the biometric features. We propose to use BTPS for his purpose in this paper and present a machine learning based protected template generation protocol to ensure the best anonymity of the generated sugar template (from a user's genuine biometric feature) among other honey ones (from synthesized biometric features).

Ba-Hutair, M. N., Kamel, I..  2016.  A New Scheme for Protecting the Privacy and Integrity of Spatial Data on the Cloud. 2016 IEEE Second International Conference on Multimedia Big Data (BigMM). :394–397.

As the amount of spatial data gets bigger, organizations realized that it is cheaper and more flexible to keep their data on the Cloud rather than to establish and maintain in-house huge data centers. Though this saves a lot for IT costs, organizations are still concerned about the privacy and security of their data. Encrypting the whole database before uploading it to the Cloud solves the security issue. But querying the database requires downloading and decrypting the data set, which is impractical. In this paper, we propose a new scheme for protecting the privacy and integrity of spatial data stored in the Cloud while being able to execute range queries efficiently. The proposed technique suggests a new index structure to support answering range query over encrypted data set. The proposed indexing scheme is based on the Z-curve. The paper describes a distributed algorithm for answering range queries over spatial data stored on the Cloud. We carried many simulation experiments to measure the performance of the proposed scheme. The experimental results show that the proposed scheme outperforms the most recent schemes by Kim et al. in terms of data redundancy.

Baba, Asif Iqbal, Jaeger, Manfred, Lu, Hua, Pedersen, Torben Bach, Ku, Wei-Shinn, Xie, Xike.  2016.  Learning-Based Cleansing for Indoor RFID Data. Proceedings of the 2016 International Conference on Management of Data. :925–936.

RFID is widely used for object tracking in indoor environments, e.g., airport baggage tracking. Analyzing RFID data offers insight into the underlying tracking systems as well as the associated business processes. However, the inherent uncertainty in RFID data, including noise (cross readings) and incompleteness (missing readings), pose challenges to high-level RFID data querying and analysis. In this paper, we address these challenges by proposing a learning-based data cleansing approach that, unlike existing approaches, requires no detailed prior knowledge about the spatio-temporal properties of the indoor space and the RFID reader deployment. Requiring only minimal information about RFID deployment, the approach learns relevant knowledge from raw RFID data and uses it to cleanse the data. In particular, we model raw RFID readings as time series that are sparse because the indoor space is only partly covered by a limited number of RFID readers. We propose the Indoor RFID Multi-variate Hidden Markov Model (IR-MHMM) to capture the uncertainties of indoor RFID data as well as the correlation of moving object locations and object RFID readings. We propose three state space design methods for IR-MHMM that enable the learning of parameters while contending with raw RFID data time series. We solely use raw uncleansed RFID data for the learning of model parameters, requiring no special labeled data or ground truth. The resulting IR-MHMM based RFID data cleansing approach is able to recover missing readings and reduce cross readings with high effectiveness and efficiency, as demonstrated by extensive experimental studies with both synthetic and real data. Given enough indoor RFID data for learning, the proposed approach achieves a data cleansing accuracy comparable to or even better than state-of-the-art techniques requiring very detailed prior knowledge, making our solution superior in terms of both effectiveness and employability.

Babaie, T., Chawla, S., Ardon, S., Yue Yu.  2014.  A unified approach to network anomaly detection. Big Data (Big Data), 2014 IEEE International Conference on. :650-655.

This paper presents a unified approach for the detection of network anomalies. Current state of the art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage high-throughput (volume) and velocity that characterizes Big Data. Detailed experiments on synthetic and real network traces shows a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.

Babasaheb, Desai Rahul, Raman, Indhumathi.  2018.  Survey on Fault Tolerance and Security in Mobile Ad Hoc Networks (MANETs). 2018 3rd International Conference for Convergence in Technology (I2CT). :1–5.
Providing fault tolerance in Mobile Ad hoc Networks (MANETs) is very tricky activity as nodes migrate from one place to other place and changes network topology. Also MANET is very susceptible for various attacks like DoS attacks etc. So providing security to MANET is also very difficult job. Multipath protocols provide better results than unipath protocols. Multipath protocols provide fault tolerance but many multipath protocols for MANETs not targeted security issues. Distributed and cooperative security that means Intrusion Detection System (IDS) gives better security to MANETs. In this paper we have discussed many confronts and concerns regarding fault tolerance and IDS.
Babay, Amy, Schultz, John, Tantillo, Thomas, Amir, Yair.  2018.  Toward an Intrusion-Tolerant Power Grid: Challenges and Opportunities. 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). :1321–1326.
While cyberattacks pose a relatively new challenge for power grid control systems, commercial cloud systems have needed to address similar threats for many years. However, technology and approaches developed for cloud systems do not necessarily transfer directly to the power grid, due to important differences between the two domains. We discuss our experience adapting intrusion-tolerant cloud technologies to the power domain and describe the challenges we have encountered and potential directions for overcoming those obstacles.
Babay, Amy, Tantillo, Thomas, Aron, Trevor, Platania, Marco, Amir, Yair.  2018.  Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :255–266.
As key components of the power grid infrastructure, Supervisory Control and Data Acquisition (SCADA) systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid. We present Spire, the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks. A wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles, delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. This demonstrates that Spire can meet the latency requirements of SCADA for the power grid.
Babay, Amy, Schultz, John, Tantillo, Thomas, Beckley, Samuel, Jordan, Eamon, Ruddell, Kevin, Jordan, Kevin, Amir, Yair.  2019.  Deploying Intrusion-Tolerant SCADA for the Power Grid. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :328–335.

While there has been considerable research on making power grid Supervisory Control and Data Acquisition (SCADA) systems resilient to attacks, the problem of transitioning these technologies into deployed SCADA systems remains largely unaddressed. We describe our experience and lessons learned in deploying an intrusion-tolerant SCADA system in two realistic environments: a red team experiment in 2017 and a power plant test deployment in 2018. These experiences resulted in technical lessons related to developing an intrusion-tolerant system with a real deployable application, preparing a system for deployment in a hostile environment, and supporting protocol assumptions in that hostile environment. We also discuss some meta-lessons regarding the cultural aspects of transitioning academic research into practice in the power industry.

Babenko, Ludmila, Maro, Ekaterina, Anikeev, Maxim.  2016.  Modeling of Algebraic Analysis of GOST+ Cipher in SageMath. Proceedings of the 9th International Conference on Security of Information and Networks. :100–103.

In this paper we present results of algebraic analysis of GOST⌖ algorithm in SageMath environment. Using the GOST⌖ as the example we explore basic stages of algebraic analysis of any symmetric block cipher based on Feistel network. We construct sets of boolean equations for five encryption rounds and determine the number of known text pairs for which the key can be found with the probability of 1. The algebraic analysis of five rounds of GOST⌖ allowed to find a 160-bit encryption key with the probability of 1 for five known text pairs within 797.21 s; the search for the solution took 24.66 s.

Babenko, Mikhail, Redvanov, Aziz Salimovich, Deryabin, Maxim, Chervyakov, Nikolay, Nazarov, Anton, Al-Galda, Safwat Chiad, Vashchenko, Irina, Dvoryaninova, Inna, Nepretimova, Elena.  2019.  Efficient Implementation of Cryptography on Points of an Elliptic Curve in Residue Number System. 2019 International Conference on Engineering and Telecommunication (EnT). :1—5.

The article explores the question of the effective implementation of arithmetic operations with points of an elliptic curve given over a prime field. Given that the basic arithmetic operations with points of an elliptic curve are the operations of adding points and doubling points, we study the question of implementing the arithmetic operations of adding and doubling points in various coordinate systems using the weighted number system and using the Residue Number System (RNS). We have shown that using the fourmodule RNS allows you to get an average gain for the operation of adding points of the elliptic curve of 8.67% and for the operation of doubling the points of the elliptic curve of 8.32% compared to the implementation using the operation of modular multiplication with special moduli from NIST FIPS 186.

Babiker, M., Khalifa, O. O., Htike, K. K., Hassan, A., Zaharadeen, M..  2017.  Automated daily human activity recognition for video surveillance using neural network. 2017 IEEE 4th International Conference on Smart Instrumentation, Measurement and Application (ICSIMA). :1–5.

Surveillance video systems are gaining increasing attention in the field of computer vision due to its demands of users for the seek of security. It is promising to observe the human movement and predict such kind of sense of movements. The need arises to develop a surveillance system that capable to overcome the shortcoming of depending on the human resource to stay monitoring, observing the normal and suspect event all the time without any absent mind and to facilitate the control of huge surveillance system network. In this paper, an intelligent human activity system recognition is developed. Series of digital image processing techniques were used in each stage of the proposed system, such as background subtraction, binarization, and morphological operation. A robust neural network was built based on the human activities features database, which was extracted from the frame sequences. Multi-layer feed forward perceptron network used to classify the activities model in the dataset. The classification results show a high performance in all of the stages of training, testing and validation. Finally, these results lead to achieving a promising performance in the activity recognition rate.

Babkin, Sergey, Epishkina, Anna.  2019.  Authentication Protocols Based on One-Time Passwords. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1794–1798.
Nowadays one-time passwords are used in a lot of areas of information technologies including e-commerce. A few vulnerabilities in authentication protocols based on one-time passwords are widely known. In current work, we analyze authentication protocols based on one-time passwords and their vulnerabilities. Both simple and complicated protocols which are implementing cryptographic algorithms are reviewed. For example, an analysis of relatively old Lamport's hash-chain protocol is provided. At the same time, we examine HOTP and TOTP protocols which are actively used nowadays. The main result of the work are conclusions about the security of reviewed protocols based on one-time passwords.
Babour, A., Khan, J.I..  2014.  Tweet Sentiment Analytics with Context Sensitive Tone-Word Lexicon. Web Intelligence (WI) and Intelligent Agent Technologies (IAT), 2014 IEEE/WIC/ACM International Joint Conferences on. 1:392-399.

In this paper we propose a twitter sentiment analytics that mines for opinion polarity about a given topic. Most of current semantic sentiment analytics depends on polarity lexicons. However, many key tone words are frequently bipolar. In this paper we demonstrate a technique which can accommodate the bipolarity of tone words by context sensitive tone lexicon learning mechanism where the context is modeled by the semantic neighborhood of the main target. Performance analysis shows that ability to contextualize the tone word polarity significantly improves the accuracy.

Babu, S., Markose, S..  2018.  IoT Enabled Robots with QR Code Based Localization. 2018 International Conference on Emerging Trends and Innovations In Engineering And Technological Research (ICETIETR). :1–5.

Robots are sophisticated form of IoT devices as they are smart devices that scrutinize sensor data from multiple sources and observe events to decide the best procedural actions to supervise and manoeuvre objects in the physical world. In this paper, localization of the robot is addressed by QR code Detection and path optimization is accomplished by Dijkstras algorithm. The robot can navigate automatically in its environment with sensors and shortest path is computed whenever heading measurements are updated with QR code landmark recognition. The proposed approach highly reduces computational burden and deployment complexity as it reflects the use of artificial intelligence to self-correct its course when required. An Encrypted communication channel is established over wireless local area network using SSHv2 protocol to transfer or receive sensor data(or commands) making it an IoT enabled Robot.

Babu, T. Kishore, Guruprakash, C. D..  2019.  A Systematic Review of the Third Party Auditing in Cloud Security: Security Analysis, Computation Overhead and Performance Evaluation. 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). :86–91.
Cloud storage offers a considerable efficiency and security to the user's data and provide high flexibility to the user. The hackers make attempt of several attacks to steal the data that increase the concern of data security in cloud. The Third Party Auditing (TPA) method is introduced to check the data integrity. There are several TPA methods developed to improve the privacy and efficiency of the data integrity checking method. Various methods involved in TPA, have been analyzed in this review in terms of function, security and overall performance. Merkel Hash Tree (MHT) method provides efficiency and security in checking the integrity of data. The computational overhead of the proof verify is also analyzed in this review. The communication cost of the most TPA methods observed as low and there is a need of improvement in security of the public auditing.
Babu, V., Kumar, R., Nguyen, H. H., Nicol, D. M., Palani, K., Reed, E..  2017.  Melody: Synthesized datasets for evaluating intrusion detection systems for the smart grid. 2017 Winter Simulation Conference (WSC). :1061–1072.

As smart grid systems become increasingly reliant on networks of control devices, attacks on their inherent security vulnerabilities could lead to catastrophic system failures. Network Intrusion Detection Systems(NIDS) detect such attacks by learning traffic patterns and finding anomalies in them. However, availability of data for robust training and evaluation of NIDS is rare due to associated operational and security risks of sharing such data. Consequently, we present Melody, a scalable framework for synthesizing such datasets. Melody models both, the cyber and physical components of the smart grid by integrating a simulated physical network with an emulated cyber network while using virtual time for high temporal fidelity. We present a systematic approach to generate traffic representing multi-stage attacks, where each stage is either emulated or recreated with a mechanism to replay arbitrary packet traces. We describe and evaluate the suitability of Melodys datasets for intrusion detection, by analyzing the extent to which temporal accuracy of pertinent features is maintained.

Back, J., Kim, J., Lee, C., Park, G., Shim, H..  2017.  Enhancement of Security against Zero Dynamics Attack via Generalized Hold. 2017 IEEE 56th Annual Conference on Decision and Control (CDC). :1350–1355.

Zero dynamics attack is lethal to cyber-physical systems in the sense that it is stealthy and there is no way to detect it. Fortunately, if the given continuous-time physical system is of minimum phase, the effect of the attack is negligible even if it is not detected. However, the situation becomes unfavorable again if one uses digital control by sampling the sensor measurement and using the zero-order-hold for actuation because of the `sampling zeros.' When the continuous-time system has relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros (even if the continuous-time system is of minimum phase), so that the cyber-physical system becomes vulnerable to `sampling zero dynamics attack.' In this paper, we begin with its demonstration by a few examples. Then, we present an idea to protect the system by allocating those discrete-time zeros into stable ones. This idea is realized by employing the so-called `generalized hold' which replaces the zero-order-hold.

Backes, M., Keefe, K., Valdes, A..  2017.  A microgrid ontology for the analysis of cyber-physical security. 2017 Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1–6.
The IEC 61850 protocol suite for electrical sub-station automation enables substation configuration and design for protection, communication, and control. These power system applications can be formally verified through use of object models, common data classes, and message classes. The IEC 61850-7-420 DER (Distributed Energy Resource) extension further defines object classes for assets such as types of DER (e.g., energy storage, photovoltaic), DER unit controllers, and other DER-associated devices (e.g., inverter). These object classes describe asset-specific attributes such as state of charge, capacity limits, and ramp rate. Attributes can be fixed (rated capacity of the device) dynamic (state of charge), or binary (on or off, dispatched or off-line, operational or fault state). We sketch out a proposed ontology based on the 61850 and 61850-7-420 DER object classes to model threats against a micro-grid, which is an electrical system consisting of controllable loads and distributed generation that can function autonomously (in island mode) or connected to a larger utility grid. We consider threats against the measurements on which the control loop is based, as well as attacks against the control directives and the communication infrastructure. We use this ontology to build a threat model using the ADversary View Security Evaluation (ADVISE) framework, which enables identification of attack paths based on adversary objectives (for example, destabilize the entire micro-grid by reconnecting to the utility without synchronization) and helps identify defender strategies. Furthermore, the ADVISE method provides quantitative security metrics that can help inform trade-off decisions made by system architects and controls.
Backes, M., Berrang, P., Bieg, M., Eils, R., Herrmann, C., Humbert, M., Lehmann, I..  2017.  Identifying Personal DNA Methylation Profiles by Genotype Inference. 2017 IEEE Symposium on Security and Privacy (SP). :957–976.

Since the first whole-genome sequencing, the biomedical research community has made significant steps towards a more precise, predictive and personalized medicine. Genomic data is nowadays widely considered privacy-sensitive and consequently protected by strict regulations and released only after careful consideration. Various additional types of biomedical data, however, are not shielded by any dedicated legal means and consequently disseminated much less thoughtfully. This in particular holds true for DNA methylation data as one of the most important and well-understood epigenetic element influencing human health. In this paper, we show that, in contrast to the aforementioned belief, releasing one's DNA methylation data causes privacy issues akin to releasing one's actual genome. We show that already a small subset of methylation regions influenced by genomic variants are sufficient to infer parts of someone's genome, and to further map this DNA methylation profile to the corresponding genome. Notably, we show that such re-identification is possible with 97.5% accuracy, relying on a dataset of more than 2500 genomes, and that we can reject all wrongly matched genomes using an appropriate statistical test. We provide means for countering this threat by proposing a novel cryptographic scheme for privately classifying tumors that enables a privacy-respecting medical diagnosis in a common clinical setting. The scheme relies on a combination of random forests and homomorphic encryption, and it is proven secure in the honest-but-curious model. We evaluate this scheme on real DNA methylation data, and show that we can keep the computational overhead to acceptable values for our application scenario.

Backes, M., Rieck, K., Skoruppa, M., Stock, B., Yamaguchi, F..  2017.  Efficient and Flexible Discovery of PHP Application Vulnerabilities. 2017 IEEE European Symposium on Security and Privacy (EuroS P). :334–349.

The Web today is a growing universe of pages and applications teeming with interactive content. The security of such applications is of the utmost importance, as exploits can have a devastating impact on personal and economic levels. The number one programming language in Web applications is PHP, powering more than 80% of the top ten million websites. Yet it was not designed with security in mind and, today, bears a patchwork of fixes and inconsistently designed functions with often unexpected and hardly predictable behavior that typically yield a large attack surface. Consequently, it is prone to different types of vulnerabilities, such as SQL Injection or Cross-Site Scripting. In this paper, we present an interprocedural analysis technique for PHP applications based on code property graphs that scales well to large amounts of code and is highly adaptable in its nature. We implement our prototype using the latest features of PHP 7, leverage an efficient graph database to store code property graphs for PHP, and subsequently identify different types of Web application vulnerabilities by means of programmable graph traversals. We show the efficacy and the scalability of our approach by reporting on an analysis of 1,854 popular open-source projects, comprising almost 80 million lines of code.

Backes, Michael, Bugiel, Sven, Huang, Jie, Schranz, Oliver.  2016.  POSTER: The ART of App Compartmentalization. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1811–1813.

On Android, advertising libraries are commonly integrated with their host apps. Since the host and advertising components share the application's sandbox, advertisement code inherits all permissions and can access host resources with no further approval needed. Motivated by the privacy risks of advertisement libraries as already shown in the literature, this poster introduces an Android Runtime (ART) based app compartmentalization mechanism to achieve separation between trusted app code and untrusted library code without system modification and application rewriting. With our approach, advertising libraries will be isolated from the host app and the original app will be partitioned into two sub-apps that run independently, with the host app's resources and permissions being protected by Android's app sandboxing mechanism. ARTist [1], a compiler-based Android app instrumentation framework, is utilized here to recreate the communication channels between host and advertisement library. The result is a robust toolchain on device which provides a clean separation of developer-written app code and third-party advertisement code, allowing for finer-grained access control policies and information flow control without OS customization and application rebuilding.