Embed Size (px)
Citation preview
TowardsPrivacy-PreservingMobileApps:ABalancingActDengfeng Li1,WingLam1,WeiYang1,Zhengkai Wu1,Xusheng Xiao2,TaoXie1
1(UniversityofIllinoisatUrbana-Champaign,email:[email protected])2(CaseWesternReserveUniversity,email:[email protected])
Objective• Maximizeutilitieswhileminimizingtheamountofsensitiveinformationexposedtoprotectusers'appusagedata
Motivation• Collectingsomehighlysensitiveinformationprovideslittleornobenefittowardsdeliveringanapp’sutilities• Existingtechniqueslackcustomizedsolutionstopreserveuserprivacyatdifferentlevelswhiledeliveringuser-desirablelevelofutilityefficacy(e.g.,thenumberofenabledfeatures)
Example– Appdisplaysvideosonlyifsomesensitiveinformationispreviouslysenttoaremoteserver[1]
1.Sensitive-InputDetection• LeverageUIrendering,geometricallayoutanalysis,andNLPtoidentifysensitiveinputfields• Leveragesstaticdataflowanalysistodetectsensitiveinformation(suchasaGPSlocation)obtainedfromthesystem
4.Privacy-PreservingBalancing• Anonymizevarioussensitiveinformationwhileassuringthatthelevelofutilityefficacyisaboveauser-predefinedthreshold
3.Privacy-PolicyComplianceChecking• Checkwhetherthesensitiveinformationcollectedbyanappisprivacypreservingagainstthedeclaredprivacypolicy• Conductstaticdataflowanalysisontheappanditsbackendservertogenerateausagesummaryoftheobtainedsensitiveinformation• LeverageNLPtoannotatedeclaredprivacypolicytoextractkeyfeaturesrelatedtosensitive-informationusage• Checkgeneratedusagesummarywithextractedkeyfeaturesforinconsistencies
2.Utility-ImpactAnalysis• Anonymizeeachinput,andmeasureitsimpactontheutilitiesofanapp andproduceanutilityreport• Providemeasurementtoshowhoweachinputcontributestoanapp’sutilities
Proposedframework
[1]AndroidMalwarePromisesVideoWhileStealingContacts:https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-promises-video-while-stealing-contacts/
ThismaterialisbaseduponworksupportedbytheMarylandProcurementOfficeunderContractNo.H98230-14-C-0141
