Method and Apparatus for Protecting Unstructured Data in Untrusted Mobile Application Environments

IP.com Disclosure Number: IPCOM000240764D
Publication Date: 2015-Feb-26
Document File: 2 page(s) / 40K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is the concept of an "application origin" for the mobile device environment along with a framework that allows data owners to specify in-context policies while providing data to untrusted third-party mobile applications. This method and apparatus protect unstructured data in untrusted mobile application environments.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Mobile applications often rely on user data, such as geolocation coordinates, to provide certain functionality. Applications typically retrieve such data in two ways. First, the application taps into the device's resources, such as the sensors or storage. These items are administered by the mobile platform, and the associated structure and semantics of access are well defined. Such items are classified as structured data. Second, applications also collect data items directly from the user, using application-controlled interfaces. Such items, classified as unstructured data, include passwords, emails, social media posts, etc., and require the user to have an understanding of the application's visual interface.

In modern mobile platforms, applications can obtain structured data such as location or contacts using well-defined Application Programming Interfaces (APIs). The platform protects these APIs by means of a capability-based permission system. Operating systems vary in the way the permissions are granted. For example, users approve the permissions at install time in one platform, while such approval is done at the time of first use in another. Previous research [1] has also developed mechanisms to provide complementary protection for structured data.

On the other hand, protection of unstructured data has been largely ignored and left at the mercy of the applications. Unfortunately, mobile applications are often found to be vulnerable or malicious [2] and hence cannot be trusted to protect the personal data of the users. In many cases, the malicious applications are repackaged versions of the applications that can make it to the user's device via official or unofficial application markets. Since many service providers also enable third parties to develop applications that can interact with the associated servers, users are often unaware of the level of trustworthiness of the application being used.

A system-driven solution is needed to protect a user's sensitive data items from being leaked.

The novel contribution is a framework that allows data owners (i.e., the mobile users and the service providers) to specify in-context policies while providing data to untrusted third-party mobile applications. The owners tag any data that is contributed and then associate these tags with specific security and privacy policies. The framework tracks the flow of information from the contributed data items (sources) to the external entities with whom the data is shared (sinks) and prevents any data sharing that goes against the associated policies; it prevents data leaks. The novel framework makes such policy associations less disruptive for the user by developing user-friendly specification mechanisms that monitor any...
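The tag, policy and source-to-sink model described above can be sketched as a small tag-propagating monitor. This is an added illustration, not code from the disclosure: the `Tagged` and `Monitor` classes, the tag names, the sink hostnames and the default-deny choice are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tagged:
    """A data item plus the owner-assigned tags it carries (the source label)."""
    value: str
    tags: frozenset = frozenset()

    def __add__(self, other):
        # Derived data inherits the tags of every input, so flows stay tracked.
        if isinstance(other, Tagged):
            return Tagged(self.value + other.value, self.tags | other.tags)
        return Tagged(self.value + str(other), self.tags)

    def __radd__(self, other):
        return Tagged(str(other) + self.value, self.tags)

    def transform(self, fn):
        # Re-encoding a value does not remove its tags.
        return Tagged(fn(self.value), self.tags)

class PolicyViolation(Exception):
    """Raised when a flow to a sink is not allowed by a tag's policy."""

class Monitor:
    def __init__(self, policies):
        self.policies = policies   # tag -> set of sinks the owner allows
        self.audit = []            # (sink, tags, allowed) for each attempt

    def send(self, data, sink):
        tags = data.tags if isinstance(data, Tagged) else frozenset()
        # Default deny (assumption): a tag with no policy entry may not leave.
        denied = sorted(t for t in tags if sink not in self.policies.get(t, set()))
        self.audit.append((sink, sorted(tags), not denied))
        if denied:
            raise PolicyViolation(f"{sink}: blocked tags {denied}")
        return data.value if isinstance(data, Tagged) else str(data)

def demo():
    # Constructed sample: tag names, sink names and values are illustrative.
    mon = Monitor({"password": {"login.bank.example"},
                   "post": {"login.bank.example", "cdn.bank.example"}})
    pw = Tagged("hunter2", frozenset({"password"}))
    post = Tagged("hello", frozenset({"post"}))
    sent = mon.send("u=alice&p=" + pw, "login.bank.example")
    try:
        mon.send((post + pw).transform(lambda s: s[::-1]), "cdn.bank.example")
    except PolicyViolation as exc:
        return sent, str(exc), mon.audit
```

The second flow is blocked even though the sink is permitted for the `post` tag, because the payload was derived from password-tagged data and the tag survived both concatenation and re-encoding.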