Browse Prior Art Database

System, Method and Apparatus for Optimizing Privacy Enforcement via Interaction Analysis

IP.com Disclosure Number: IPCOM000248189D
Publication Date: 2016-Nov-07
Document File: 2 page(s) / 46K

Publishing Venue

The IP.com Prior Art Database

Abstract

Efficient privacy enforcement where based on offline analysis of a multiplicity of applications, statistical correlations (e.g. computed via log-linear analysis) are determined between releases of private fields; these correlations then govern the synthesis of a runtime tracking policy; and finally, the tracking scheme (e.g. taint analysis) is applied at runtime to a subject application via code instrumentation

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 01 of 2

System, ,

Method and Apparatus for Optimizing Privacy Enforcement via Interaction

      Method and Apparatus for Optimizing Privacy Enforcement via Interaction Analysis

Motivation

====================

Mobile devices often make access to, and release, private user information (e.g., the user's SIM/device ID, location, contacts, etc)

While some use cases are justified (e.g., authentication or location-based services), there are also less justified scenarios (e.g., contextual advertising or analytics that are sometimes overly intrusive) Privacy Enforcement

====================

Privacy enforcement is a collective term that captures runtime techniques to detect, and mitigate, privacy threats

Several such systems are available:

TaintDroid [Enck]

MockDroid [Beresford]

AppFence [Hornyack]

Challenges

====================

Performance overhead:

Privacy enforcement involves runtime tracking of private fields and transformations thereof (often in the form of taint tracking)

There is inherent overhead in propagating tracking labels Memory footprint:

Fine-grained tracking necessitates per-object labels

The memory cost of these labels can become significant [Bell]

Our Solution: Outline

====================

Find out the connections between different private fields (e.g., age and gender)

Adapt the enforcement system according to the uncovered association rules

If fields A and B are strongly related, then we can track them as a single unit

If fields A and B are inversely related, then once A is released we can coarsen tracking of B (and vice versa)

Large-scale analysis of 1,462 Apps from 25 different c...