ipShield: A Framework For Enforcing Context-Aware Privacy

Supriyo Chakraborty, Chenguang Shen, Kasturi Rangan Raghavan, Yasser Shoukry, Matt Millar, and Mani Srivastava, University of California, Los Angeles

https://www.usenix.org/conference/nsdi14/technical-sessions/presentation/chakraborty

This paper is included in the Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI '14). April 2–4, 2014, Seattle, WA, USA. ISBN 978-1-931971-09-6. Open access to the Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI '14) is sponsored by USENIX.

Abstract

Smartphones are used to collect and share personal data with untrustworthy third-party apps, often leading to data misuse and privacy violations. Unfortunately, state-of-the-art privacy mechanisms on Android provide inadequate access control and do not address the vulnerabilities that arise due to unmediated access to so-called innocuous sensors on these phones. We present ipShield, a framework that provides users with greater control over their resources at runtime. ipShield performs monitoring of every sensor accessed by an app and uses this information to perform privacy risk assessment. The risks are conveyed to the user as a list of possible inferences that can be drawn using the shared sensor data. Based on user-configured lists of allowed and private inferences, a recommendation consisting of binary privacy actions on individual sensors is generated. Finally, users are provided with options to override the recommended actions and manually configure context-aware fine-grained privacy rules. We implemented ipShield by modifying the AOSP on a Nexus 4 phone. Our evaluation indicates that running ipShield incurs negligible CPU and memory overhead and only a small reduction in battery life.

1 Introduction

Smartphones have evolved from mere communication devices into sensing platforms supporting a sprawling ecosystem of apps which thrive on the continuous and unobtrusive collection of personal sensory data. This data is often used by the apps to draw inferences about our personal, social, work a

install time, a user can either grant access to all the requested resources or opt to not use the app at all. But despite these provisions, cases of privacy violations by third-party apps are rampant [33, 6, 55]. We observe multiple problems with the current privacy mechanisms in Android. First, only a select set of sensors such as GPS, camera, and Bluetooth are considered to be privacy-prone and have their access mediated through protected APIs [3]. Other onboard sensors such as accelerometer, gyroscope, light, etc. are considered to be innocuous, requiring no user permission. This specific vulnerability of unrestricted access to accelerometer and gyroscope data has been exploited to mount keylogging attacks [43] and for reconstruction of travel trajectories [31]. Second, various studies [52, 28], to understand users' perception of privacy in general and their understanding of Android permissions in particular, reveal that users are often oblivious to the implications of granting access to a particular type of sensor or resource on their phone at install time. However, the perception quickly changes to one of concern when apprised of the various sensitive inferences that could be drawn using the shared data. Finally, users only have a binary choice of either accepting all the requested permissions or not installing the app at all. Once installed, users do not have any provision to revoke or modify the access restrictions during runtime.

Prior research has tried to address some of the above problems. TaintDroid [24] extends the Android OS by adding taint bits to sensitive information and then tracking the flow of those bits through third-party apps to detect malicious behavior. However, tainting sensor data
