Title :
User-aware privacy control via extended static-information-flow analysis
Author :
Xusheng Xiao ; Tillmann, Nikolai ; Fahndrich, M. ; De Halleux, Jonathan ; Moskal, M.
Author_Institution :
North Carolina State Univ., Raleigh, NC, USA
Abstract :
Applications in mobile-marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware privacy control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data only for safe flows, thereby preserving privacy and minimizing decisions required from users. We built our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users.
Keywords :
data privacy; information analysis; mobile computing; user interfaces; TouchDevelop environment; mobile marketplace; mobile platform; private user information; static-information-flow analysis; tamper analysis; user script writing; user-aware privacy control; Information Flow Analysis; Mobile Application; Privacy Control;
Conference_Titel :
Automated Software Engineering (ASE), 2012 Proceedings of the 27th IEEE/ACM International Conference on
Conference_Location :
Essen
Print_ISBN :
978-1-4503-1204-2
DOI :
10.1145/2351676.2351689
