Privacy Enforcement for Third-Party Software
Contact: hammer@cs.uni-potsdam.de (+49 331 977-3041, +49 331 977-3042); david.pfaff@cispa.saarland (+49 681 302 71919); jenny.hotzkow@cispa.saarland (+49 681 302 70744)
When running third-party software on a device, user privacy is often not honored, even by software from trusted entities. Recent incidents in which mobile applications (e.g., Twitter or Facebook) silently transferred the complete address book to their servers, and a study showing that many of the top Web sites on the internet leak personal data in an unintended way, illustrate that this threat is real and that users have to protect their privacy actively.

We envision a mechanism that allows the user to enforce precise restrictions on the information flow in an application, even if these restrictions are not offered as an option in the application, or in fact run contrary to the objectives of the (potentially disingenuous) developer of the application. For example, the policy “Do not transmit any audio before a call was initiated and after the call has been completed” restricts the information flow far more precisely than a standard access control policy, which can only grant or deny microphone access as a whole.

Using temporal logics for hyperproperties as a formalization of such precise information flow policies, we will investigate a wide spectrum of enforcement algorithms for our policies, partition applications according to the principle of least privilege for more efficient enforcement, and evaluate our enforcement mechanisms on representative Web and mobile apps with complex information flow properties and privacy guarantees.
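The following is an added illustration, not code from the project described on this page, of what "enforcing a temporal policy at runtime" means in practice. It encodes the quoted audio policy as a small finite-state monitor placed between the application and its network sink: the same `audio_out` event is forwarded while a call is in progress and suppressed otherwise, which is exactly what a per-permission access-control check cannot express. The event names, the `TemporalPolicy`/`EnforcementMonitor` classes and the sample trace are all constructed for this example; the project's own enforcement algorithms are not shown here.

```python
"""Runtime enforcement of a temporal information-flow policy (added example).

Models the policy "do not transmit any audio before a call was initiated and
after the call has been completed" as a deterministic automaton over
application events. Event names and the trace below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Event = Tuple[str, bytes]  # (event name, payload); payload may be empty


@dataclass
class TemporalPolicy:
    """A policy as an automaton over application events.

    `transitions` maps (state, event name) -> next state; events without an
    entry are implicit self-loops. `forbidden` lists (state, event name)
    pairs that must be suppressed. The temporal aspect lives here: one and
    the same event is allowed in one state and blocked in another.
    """
    initial: str
    transitions: Dict[Tuple[str, str], str]
    forbidden: Set[Tuple[str, str]]


@dataclass
class EnforcementMonitor:
    """Mediates a stream of events, forwarding only policy-compliant ones."""
    policy: TemporalPolicy
    state: str = ""
    violations: List[Tuple[str, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.state = self.policy.initial

    def step(self, event: Event) -> bool:
        """Return True if the event may be forwarded to the sink.

        Suppressed events are recorded as violations and do not advance the
        automaton, so a blocked transmission cannot move the monitor into a
        more permissive state.
        """
        name, _payload = event
        if (self.state, name) in self.policy.forbidden:
            self.violations.append((self.state, name))
            return False
        self.state = self.policy.transitions.get((self.state, name), self.state)
        return True

    def enforce(self, trace: List[Event]) -> List[Event]:
        """Filter a whole event trace, returning only the forwarded events."""
        return [ev for ev in trace if self.step(ev)]


# The quoted policy: audio may leave the device only between call setup and
# call teardown.
AUDIO_DURING_CALL_ONLY = TemporalPolicy(
    initial="idle",
    transitions={
        ("idle", "call_start"): "in_call",
        ("in_call", "call_end"): "idle",
    },
    forbidden={("idle", "audio_out")},
)

# Constructed sample trace: a voice-chat app that streams audio before the
# call is set up and keeps streaming after it has ended.
SAMPLE_TRACE: List[Event] = [
    ("audio_out", b"\x00\x01"),   # before the call: must be suppressed
    ("call_start", b""),
    ("audio_out", b"\x02\x03"),   # during the call: allowed
    ("audio_out", b"\x04\x05"),
    ("call_end", b""),
    ("audio_out", b"\x06\x07"),   # after the call: must be suppressed
]


def run_sample() -> Tuple[List[Event], List[Tuple[str, str]]]:
    """Enforce the policy on the sample trace; returns (forwarded, violations)."""
    monitor = EnforcementMonitor(AUDIO_DURING_CALL_ONLY)
    forwarded = monitor.enforce(SAMPLE_TRACE)
    return forwarded, monitor.violations


def coarse_access_control(trace: List[Event], microphone_granted: bool) -> List[Event]:
    """Baseline a permission system offers: all-or-nothing on audio events."""
    return [ev for ev in trace if ev[0] != "audio_out" or microphone_granted]


if __name__ == "__main__":
    fwd, viol = run_sample()
    print("forwarded:", [name for name, _ in fwd])
    print("suppressed:", viol)
    print("coarse, mic granted:", [n for n, _ in coarse_access_control(SAMPLE_TRACE, True)])
    print("coarse, mic denied:", [n for n, _ in coarse_access_control(SAMPLE_TRACE, False)])
```

Running the sample shows the contrast the page draws: the temporal monitor forwards both in-call audio chunks and suppresses the two out-of-call ones, whereas the coarse permission either lets all four audio events through or blocks the call's legitimate audio along with the leaks.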
Role Within the Collaborative Research Center