18,823 research outputs found
Hague Conference Conventions and the United States: A European View
From a European perspective, international cooperation in litigation does not primarily require the safeguarding of governmental interests, but the equitable balancing of the interests of plaintiffs and defendants. A European view of the role of US procedures in Hague Conference conventions is presented
After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance
Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
A common security architecture, called the permission-based security model
(used e.g. in Android and Blackberry), entails intrinsic risks. For instance,
applications can be granted more permissions than they actually need, what we
call a "permission gap". Malware can leverage the unused permissions for
achieving their malicious goals, for instance using code injection. In this
paper, we present an approach to detecting permission gaps using static
analysis. Our prototype implementation in the context of Android shows that the
static analysis must take into account a significant amount of
platform-specific knowledge. Using our tool on two datasets of Android
applications, we found out that a non negligible part of applications suffers
from permission gaps, i.e. does not use all the permissions they declare
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
Recent studies observe that app foreground is the most striking component
that influences the access control decisions in mobile platform, as users tend
to deny permission requests lacking visible evidence. However, none of the
existing permission models provides a systematic approach that can
automatically answer the question: Is the resource access indicated by app
foreground? In this work, we present the design, implementation, and evaluation
of COSMOS, a context-aware mediation system that bridges the semantic gap
between foreground interaction and background access, in order to protect
system integrity and user privacy. Specifically, COSMOS learns from a large set
of apps with similar functionalities and user interfaces to construct generic
models that detect the outliers at runtime. It can be further customized to
satisfy specific user privacy preference by continuously evolving with user
decisions. Experiments show that COSMOS achieves both high precision and high
recall in detecting malicious requests. We also demonstrate the effectiveness
of COSMOS in capturing specific user preferences using the decisions collected
from 24 users and illustrate that COSMOS can be easily deployed on smartphones
as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
A common security architecture is based on the protection of certain
resources by permission checks (used e.g., in Android and Blackberry). It has
some limitations, for instance, when applications are granted more permissions
than they actually need, which facilitates all kinds of malicious usage (e.g.,
through code injection). The analysis of permission-based framework requires a
precise mapping between API methods of the framework and the permissions they
require. In this paper, we show that naive static analysis fails miserably when
applied with off-the-shelf components on the Android framework. We then present
an advanced class-hierarchy and field-sensitive set of analyses to extract this
mapping. Those static analyses are capable of analyzing the Android framework.
They use novel domain specific optimizations dedicated to Android.Comment: IEEE Transactions on Software Engineering (2014). arXiv admin note:
substantial text overlap with arXiv:1206.582
Longitude : a privacy-preserving location sharing protocol for mobile applications
Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access users’ location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a user’s location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone
- …