Project B1

Privacy Enforcement for Third-Party Software

Principal Investigators

Bernd Finkbeiner

E1 3 506
66123 Saarbrücken

+49 681 302 5632
finkbeiner(Replace this parenthesis with the @ sign)

Christian Hammer

August-Bebel-Str. 89
14482 Potsdam

+49 331 977-3041
+49 331 977-3042
hammer(Replace this parenthesis with the @ sign)

PhD Students

Peter Faymonville

E1 1 1.08
66123 Saarbrücken

+49 681 302 5622
faymonville(Replace this parenthesis with the @ sign)

David Pfaff

E9 1 3.04
66123 Saarbrücken

+49 681 302 71919
david.pfaff(Replace this parenthesis with the @ sign)

Leander Tentrup

E1 1 1.16.2
66123 Saarbrücken

+49 681 302 5476
leander.tentrup(Replace this parenthesis with the @ sign)

Jenny Hotzkow

E9 1 2.13
66123 Saarbrücken

+49 681 302 70744
jenny.hotzkow(Replace this parenthesis with the @ sign)

Project Summary

When running third-party software on a device, user privacy is often not honored even by software from trusted entities. Recent incidents with mobile applications that silently transferred the complete address book (e.g., Twitter or Facebook) to their servers, and a study showing that many of the top Web sites on the internet leak personal data in an unintended way, illustrate that this threat is real and users have to protect their privacy actively. We envision a mechanism that allows the user to enforce precise restrictions on the information flow in an application, even if these restrictions are not offered as an option in the application, or may in fact run contrary to the objectives of the (potentially disingenuous) developer of the application. For example, the policy “Do not transmit any audio before a call was initiated and after the call has been completed” restricts the information flow far more precisely than a standard access control policy. Using temporal logics for hyperproperties as a formalization of such precise information flow policies, we will investigate a wide spectrum of enforcement algorithms for our policies, partition applications according to the principle of least privilege for more efficient enforcement, and evaluate our enforcement mechanisms on representative Web and mobile apps with complex information flow properties and privacy guarantees.

Role Within the Collaborative Research Center


Open Positions

This project has no open positions.