TY - GEN
T1 - Sensibility testbed
T2 - 19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018
AU - Zhuang, Yanyan
AU - Rafetseder, Albert
AU - Hu, Yu
AU - Tian, Yuan
AU - Cappos, Justin
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/2/12
Y1 - 2018/2/12
N2 - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.
AB - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.
KW - Policy enforcement
KW - Privacy protections
UR - http://www.scopus.com/inward/record.url?scp=85048520047&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048520047&partnerID=8YFLogxK
U2 - 10.1145/3177102.3177120
DO - 10.1145/3177102.3177120
M3 - Conference contribution
AN - SCOPUS:85048520047
T3 - HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
SP - 113
EP - 118
BT - HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
PB - Association for Computing Machinery, Inc
Y2 - 12 February 2018 through 13 February 2018
ER -