ABSTRACT
Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers' institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks.
In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox that can be customized for any level of IRB compliance and can be augmented by policies set by the device owner.
Index Terms
- Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps