Privacy Preserving Data Mining Lecture 3 Non-Cryptographic Approaches for Preserving Privacy
Towards Privacy -Preserving Mobile Apps: A...
Transcript of Towards Privacy -Preserving Mobile Apps: A...
![Page 1: Towards Privacy -Preserving Mobile Apps: A …publish.illinois.edu/science-of-security-lablet/files/...Towards Privacy -Preserving Mobile Apps: A Balancing Act DengfengLi1, Wing Lam1,](https://reader035.fdocuments.net/reader035/viewer/2022062922/5f0836a17e708231d420e5d2/html5/thumbnails/1.jpg)
TowardsPrivacy-PreservingMobileApps:ABalancingActDengfeng Li1,WingLam1,WeiYang1,Zhengkai Wu1,Xusheng Xiao2,TaoXie1
1(UniversityofIllinoisatUrbana-Champaign,email:[email protected])2(CaseWesternReserveUniversity,email:[email protected])
Objective• Maximizeutilitieswhileminimizingtheamountofsensitiveinformationexposedtoprotectusers'appusagedata
Motivation• Collectingsomehighlysensitiveinformationprovideslittleornobenefittowardsdeliveringanapp’sutilities• Existingtechniqueslackcustomizedsolutionstopreserveuserprivacyatdifferentlevelswhiledeliveringuser-desirablelevelofutilityefficacy(e.g.,thenumberofenabledfeatures)
Example– Appdisplaysvideosonlyifsomesensitiveinformationispreviouslysenttoaremoteserver[1]
1.Sensitive-InputDetection• LeverageUIrendering,geometricallayoutanalysis,andNLPtoidentifysensitiveinputfields• Leveragesstaticdataflowanalysistodetectsensitiveinformation(suchasaGPSlocation)obtainedfromthesystem
4.Privacy-PreservingBalancing• Anonymizevarioussensitiveinformationwhileassuringthatthelevelofutilityefficacyisaboveauser-predefinedthreshold
3.Privacy-PolicyComplianceChecking• Checkwhetherthesensitiveinformationcollectedbyanappisprivacypreservingagainstthedeclaredprivacypolicy• Conductstaticdataflowanalysisontheappanditsbackendservertogenerateausagesummaryoftheobtainedsensitiveinformation• LeverageNLPtoannotatedeclaredprivacypolicytoextractkeyfeaturesrelatedtosensitive-informationusage• Checkgeneratedusagesummarywithextractedkeyfeaturesforinconsistencies
2.Utility-ImpactAnalysis• Anonymizeeachinput,andmeasureitsimpactontheutilitiesofanapp andproduceanutilityreport• Providemeasurementtoshowhoweachinputcontributestoanapp’sutilities
Proposedframework
[1]AndroidMalwarePromisesVideoWhileStealingContacts:https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-promises-video-while-stealing-contacts/
ThismaterialisbaseduponworksupportedbytheMarylandProcurementOfficeunderContractNo.H98230-14-C-0141