Sensibility testbed: Automated IRB policy enforcement in mobile research apps

Yanyan Zhuang, Albert Rafetseder, Yu Hu, Yuan Tian, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

    Original languageEnglish (US)
    Title of host publicationHotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
    PublisherAssociation for Computing Machinery, Inc
    Pages113-118
    Number of pages6
    ISBN (Electronic)9781450356305
    DOIs
    StatePublished - Feb 12 2018
    Event19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018 - Tempe, United States
    Duration: Feb 12 2018Feb 13 2018

    Publication series

    NameHotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
    Volume2018-February

    Other

    Other19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018
    Country/TerritoryUnited States
    CityTempe
    Period2/12/182/13/18

    Keywords

    • Policy enforcement
    • Privacy protections

    ASJC Scopus subject areas

    • Human-Computer Interaction
    • Computer Science Applications
    • Software
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'Sensibility testbed: Automated IRB policy enforcement in mobile research apps'. Together they form a unique fingerprint.

    Cite this