
User-aware privacy control via extended static-information-flow analysis

Automated Software Engineering

Abstract

Applications in mobile marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware-privacy-control approach, which reveals how private information is used inside applications. We compute static information flows and classify them as safe/unsafe based on a tamper analysis that tracks whether private data is obscured before escaping through output channels. This flow information enables platforms to provide default settings that expose private data for only safe flows, thereby preserving privacy and minimizing decisions required from users. We build our approach into TouchDevelop, an application-creation environment that allows users to write scripts on mobile devices and install scripts published by other users. We evaluate our approach by studying 546 scripts published by 194 users, and the results show that our approach effectively reduces the need to make access-granting choices to only 10.1 % (54) of all scripts. We also conduct a user survey that involves 50 TouchDevelop users to assess the effectiveness and usability of our approach. The results show that 90 % of the users consider our approach useful in protecting their privacy, and 54 % prefer our approach over other privacy-control approaches.
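The safe/unsafe classification described in the abstract can be demonstrated with a small static information-flow analysis over a straight-line script. The following is an added example and is not the paper's or TouchDevelop's implementation: the source names (`location`, `contacts`, `pictures`), output channels (`share`, `web_post`, `sms`), tampering operations (`hash`, `length`) and the tuple-based script IR are all constructed here. The analysis tags each variable with the private sources it depends on and whether the data passed through an obscuring operation; a flow to an output channel is safe only if every reaching tag is tampered, so the platform can allow it by default and ask the user only about scripts with unsafe flows. Only explicit data flows are tracked; implicit flows through branches are out of scope here.

```python
from dataclasses import dataclass

# Constructed vocabulary for this example (not the real TouchDevelop API).
PRIVATE_SOURCES = {"location", "contacts", "pictures"}
OUTPUT_CHANNELS = {"web_post", "share", "sms"}
# Operations whose result is assumed to obscure the private input ("tampering").
TAMPER_OPS = {"hash", "length", "is_empty"}


@dataclass(frozen=True)
class Tag:
    """One private source reaching a value, and whether it was obscured."""
    source: str
    tampered: bool


def analyze(script):
    """Forward information-flow analysis over a straight-line script.

    Statement forms (constructed IR):
      ("source", dst, api)        dst = read from a platform API
      ("const", dst, literal)     dst = literal value (carries no tags)
      ("op", dst, op, [args])     dst = op(args)
      ("sink", channel, [args])   args escape through an output channel
    Returns a list of (source, channel, tampered) flows reaching sinks.
    """
    env: dict[str, frozenset[Tag]] = {}
    flows = []
    for stmt in script:
        kind = stmt[0]
        if kind == "source":
            _, dst, api = stmt
            env[dst] = frozenset({Tag(api, False)}) if api in PRIVATE_SOURCES else frozenset()
        elif kind == "const":
            _, dst, _ = stmt
            env[dst] = frozenset()
        elif kind == "op":
            _, dst, op, args = stmt
            tags = set()
            for a in args:
                tags |= env.get(a, frozenset())  # union of operand tags
            if op in TAMPER_OPS:
                # The result no longer reveals the raw private value.
                tags = {Tag(t.source, True) for t in tags}
            env[dst] = frozenset(tags)
        elif kind == "sink":
            _, channel, args = stmt
            if channel not in OUTPUT_CHANNELS:
                raise ValueError(f"unknown output channel {channel!r}")
            for a in args:
                for t in env.get(a, frozenset()):
                    flows.append((t.source, channel, t.tampered))
        else:
            raise ValueError(f"unknown statement kind {kind!r}")
    return flows


def classify(flows):
    """Split (source, channel) pairs into safe and unsafe flows.

    A pair is unsafe if any untampered path reaches the channel, even when
    an obscured copy of the same source reaches it too.
    """
    unsafe = {(s, c) for s, c, tampered in flows if not tampered}
    safe = {(s, c) for s, c, tampered in flows if tampered} - unsafe
    return {"safe": sorted(safe), "unsafe": sorted(unsafe)}


def needs_user_choice(script):
    """True if the platform must ask the user before granting access."""
    return bool(classify(analyze(script))["unsafe"])


# Constructed sample scripts.
SCRIPT_UNSAFE = [                       # raw location text is shared
    ("source", "loc", "location"),
    ("const", "greeting", "I am here: "),
    ("op", "msg", "concat", ["greeting", "loc"]),
    ("sink", "share", ["msg"]),
]
SCRIPT_SAFE = [                         # only a count and a hash escape
    ("source", "pics", "pictures"),
    ("op", "count", "length", ["pics"]),
    ("source", "loc", "location"),
    ("op", "digest", "hash", ["loc"]),
    ("op", "payload", "concat", ["count", "digest"]),
    ("sink", "web_post", ["payload"]),
]
SCRIPT_MIXED = [                        # hashed contacts ok, raw location not
    ("source", "book", "contacts"),
    ("op", "h", "hash", ["book"]),
    ("sink", "web_post", ["h"]),
    ("source", "loc", "location"),
    ("sink", "sms", ["loc"]),
]

if __name__ == "__main__":
    for name, s in [("unsafe", SCRIPT_UNSAFE), ("safe", SCRIPT_SAFE), ("mixed", SCRIPT_MIXED)]:
        print(name, classify(analyze(s)), "ask user:", needs_user_choice(s))
```

The default-settings policy in the abstract maps directly onto `classify`: every pair in `safe` can be exposed without a prompt, and a script is surfaced to the user only when `needs_user_choice` is true.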


Notes

  1. Data types in TouchDevelop are called kinds.

  2. Meta data and comment statements are excluded for LOC computation.

  3. http://touchdevelop.com/pycw

  4. http://touchdevelop.com/xwgl

  5. http://touchdevelop.com/hllw

  6. https://www.touchdevelop.com/ntqe

  7. https://www.touchdevelop.com/hejn

  8. https://www.touchdevelop.com/qdjt

  9. https://www.touchdevelop.com/qvci

  10. https://www.touchdevelop.com/eooo

  11. Due to a bug of the online survey system, we lost part of the data for Q7. We can recover only part of the results based on our best efforts, and cannot provide exact rankings for the other two privacy-control approaches.

References

  • Askarov, A., Myers, A.: A semantic framework for declassification and endorsement. Programming Languages and Systems. LNCS, vol. 6012, pp. 64–84. Springer, Heidelberg (2010)

  • Budi, A., Lo, D., Jiang, L., Lucia: Kb-anonymity: a model for anonymized behaviour-preserving test and debugging data. In: Proceedings of PLDI, pp. 447–457 (2011)

  • Castro, M., Costa, M., Martin, J.-P.: Better bug reporting with better privacy. In: Proceedings of ASPLOS, pp. 319–328 (2008)

  • Clause, J., Orso, A.: Camouflage: automated anonymization of field data. In: Proceedings of ICSE, pp. 21–30 (2011)

  • Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)

  • Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19, 236–243 (1976)

  • Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20, 504–513 (1977)

  • Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: detecting privacy leaks in iOS applications. In: Proceedings of NDSS (2011)

  • Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of OSDI, pp. 1–6 (2010)

  • Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of USENIX Security Symposium (2011)

  • Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS, pp. 235–245 (2009)

  • Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)

  • Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of SPSM, pp. 3–14 (2011)

  • Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of WebApps (2011)

  • Ferrante, J., Ottenstein, K.J.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. 9, 319–349 (1987)

  • Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of MCS, pp. 21–26 (2011)

  • Grechanik, M., Csallner, C., Fu, C., Xie, Q.: Is data privacy always good for software testing? In: Proceedings of ISSRE, pp. 368–377 (2010)

  • Heintze, N., Riecke, J.G.: The SLam calculus: Programming with secrecy and integrity. In: Proceedings of POPL, pp. 365–377 (1998)

  • Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of CCS, pp. 639–652 (2011)

  • Howard, F.: Malware with your mocha: obfuscation and anti-emulation tricks in malicious JavaScript. http://www.sophos.com/security/technical-papers/malware_with_your_mocha.pdf. Accessed Sept 2011

  • Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proceedings of NDSS, San Diego, CA, February (2011)

  • Li, S., Xie, T., Tillmann, N.: A comprehensive field study of end-user programming on mobile devices. In: Proceedings of VL/HCC (2013)

  • MICROSOFT: What is user account control? http://windows.microsoft.com/en-US/windows-vista/What-is-User-Account-Control (2011)

  • Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of POPL, pp. 228–241 (1999)

  • Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9(4), 410–442 (2000)

  • Roesner, F.: User-driven access control: a new model for granting permissions in modern operating systems. Qualifying Examination Project, University of Washington, June (2011)

  • Roy, I., Porter, D.E., Bond, M.D., Mckinley, K.S., Witchel, E.: Laminar: practical fine-grained decentralized information flow control. In: Proceedings of PLDI, pp. 63–74 (2009)

  • Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Select. Areas Commun. 21, 5–19 (2002)

  • Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. In: Proceedings of the IEEE, pp. 1278–1308 (1975)

  • Shieh, S.-P., Gligor, V.D.: Auditing the use of covert storage channels in secure systems. In: Proceedings of Oakland, pp. 285–295 (1990)

  • Taneja, K., Grechanik, M., Ghani, R., Xie, T.: Testing software in age of data privacy: a balancing act. In: Proceedings of ESEC/FSE, pp. 201–211 (2011)

  • Tillmann, N., Moskal, M., de Halleux, J.: TouchDevelop: programming cloud-connected mobile devices via touchscreen. Microsoft Technical Report MSR-TR-2011-49 (2011)

  • TouchDevelop. http://research.microsoft.com/en-us/projects/touchdevelop/ (2011). Accessed 21 Aug 2014

  • Vidas, T., Christin, N., Cranor, L.: Curbing Android permission creep. In: Proceedings of W2SP, Oakland, CA, May (2011)

  • Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., Schechter, S., Wang, X.: Privacy revelations for web and mobile apps. In: Proceedings of HotOS, pp. 21–21, Berkeley, CA, USA (2011). USENIX Association.

  • Xiao, X., Tillmann, N., Fähndrich, M., de Halleux, J., Moskal, M.: User-aware privacy control via extended static-information-flow analysis. In: Proceedings of ASE, pp. 80–89 (2012)

  • Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proceedings of USENIX Security (2006)

  • Zhu, D.Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: TaintEraser: protecting sensitive data leaks using application-level taint tracking. SIGOPS Operating Systems Review, pp. 142–154 (2011)

Author information

Corresponding author

Correspondence to Xusheng Xiao.

Additional information

This work was primarily done when Xusheng Xiao was at Microsoft Research as an intern.

This paper is an extended version of our previous work published at ASE 2012 (Xiao et al. 2012). Our previous work introduced the concept of user-aware privacy control via extended static-information-flow analysis. In this work, we add a performance evaluation of our analysis and a user survey of the deployed system built on it.

Cite this article

Xiao, X., Tillmann, N., Fahndrich, M. et al. User-aware privacy control via extended static-information-flow analysis. Autom Softw Eng 22, 333–366 (2015). https://doi.org/10.1007/s10515-014-0166-y
