3 research outputs found
Constraining application behaviour by generating languages
Writing a platform for reactive applications which enforces operational
constraints is difficult, and has been approached in various ways. In this
experience report, we detail an approach using an embedded DSL which can be
used to specify the structure and permissions of a program in a given
application domain. Once the developer has specified which components an
application will consist of, and which permissions each one needs, the
specification itself evaluates to a new, tailored, language. The final
implementation of the application is then written in this specialised
environment where precisely the API calls associated with the permissions which
have been granted, are made available.
Our prototype platform targets the domain of mobile computing, and is
implemented using Racket. It demonstrates resource access control (e.g.,
camera, address book, etc.) and tries to prevent leaking of private data.
Racket is shown to be an extremely effective platform for designing new
programming languages and their run-time libraries. We demonstrate that this
approach allows reuse of an inter-component communication layer, is convenient
for the application developer because it provides high-level building blocks to
structure the application, and provides increased control to the platform
owner, preventing certain classes of errors by the developer.Comment: 8 pages, 8th European Lisp Symposiu
Comparing Privacy Control Methods for Smartphone Platforms
Abstract-Nowadays, many important applications are performed through mobile phones. It is essential to ensure that users' private information is not leaked through those applications. In this paper, we perform a comparison on privacy control methods implemented on the Android and iOS platforms based on the Bellotti and Sellen's framework. The comparison helps understand the discrepancies existent between the users' expectations for privacy and the privacy control methods currently implemented in Android and iOS. To better address users' privacy concerns, we propose a programming model for platform designers to improve privacy. Our initial study on 60 privacy bugs show that using the proposed programming models, 14 Android and 5 iOS privacy bugs can be eliminated