Corpus ID: 221139328

Making Distributed Mobile Applications SAFE: Enforcing User Privacy Policies on Untrusted Applications with Secure Application Flow Enforcement

Authors: Adriana Szekeres, Irene Zhang, Katelin Bailey, Isaac Ackerman, Haichen Shen, Franziska Roesner, Dan R. K. Ports, Arvind Krishnamurthy, Henry M. Levy
Today's mobile devices sense, collect, and store huge amounts of personal information, which users share with family and friends through a wide range of applications. Once users give applications access to their data, they must implicitly trust that the apps correctly maintain data privacy. As we know from both experience and all-too-frequent press articles, that trust is often misplaced. While users do not trust applications, they do trust their mobile devices and operating systems… 
LensCap: split-process framework for fine-grained visual privacy control for augmented reality apps
LensCap, a split-process app design framework, in which the app is split into a camera-handling visual process and a connectivity-handling network process, is introduced, which confirms that visual privacy can be preserved with an insignificant latency penalty.


Hails: Protecting data privacy in untrusted web applications
A new web framework, Hails, is presented that adds mandatory access control and a declarative policy language to the familiar MVC architecture and is demonstrated through, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.
Secure Data Preservers for Web Services
This work examines a novel proposal wherein a user who hands off her data to a web service has complete choice over the code and policies that constrain access to her data, and evaluates the cost of privacy in the framework by characterizing the performance overhead compared to the status quo.
AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users
A knowledge base of mappings between API calls and fine-grained privacy-related behaviors is created and high-level behavior profiles of application behavior are produced to analyze users' opinions about how applications affect their privacy.
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
This paper takes the approach of user-driven access control, whereby permission granting is built into existing user actions in the context of an application, rather than added as an afterthought via manifests or system prompts.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment.
Building Web Applications on Top of Encrypted Data Using Mylar
Mylar is presented, a platform for building web applications, which protects data confidentiality against attackers with full access to servers, and stores sensitive data encrypted on the server, and decrypts that data only in users' browsers.
Riverbed: Enforcing User-defined Privacy Constraints in Distributed Web Services
The Riverbed runtime places all data with compatible policies into the same universe (i.e., the same isolated instance of the full web service) and allows Riverbed to work with unmodified, legacy software; unlike prior IFC systems, it does not require developers to reason about security lattices, or manually annotate code with labels.
Securing Embedded User Interfaces: Android and Beyond
This paper explores the requirements for a system to support secure embedded user interfaces by systematically analyzing existing systems like browsers, smartphones, and research systems and evaluates the implementation using case studies that rely on embedded interfaces.
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
It is proved that, contrary to statements in the literature, run-time systems like RIFLE are no less secure than existing language-based techniques, and the performance cost is reasonable.
A CleanRoom Approach to BYOA: Bring Your Own Apps
In this paper, we present CleanRoom, a new app platform designed to protect confidentiality in a Bring Your Own Apps (BYOA) world in which employees use their own third-party apps to create, edit,