πbox: A Platform for Privacy-Preserving Apps

Sangmin Lee, Edmund L. Wong, Deepak Goel, Mike Dahlin, Vitaly Shmatikov
The University of Texas at Austin

Slide transcript (text repeated by animation build steps has been collapsed)

Motivation
17% paid attention, 3% understood.
From "Android permissions: User attention, comprehension, and behavior", SOUPS 2012.
300,000 app publishers!
Shifting user trust from 300,000 app publishers to a few well-known brands that many already trust.

πbox
A platform that allows users to use untrusted apps while providing explicit and useful privacy guarantees.
Confine apps for STRONG PRIVACY.
Platform channels for FUNCTIONALITY: the aggregate channel and the sharing channel.

Outline
How are apps confined within the sandbox?
How does the aggregate channel work?
How does the sharing channel work?
What guarantees are provided to users?
What is the applicability and overhead of πbox?

How are apps confined within the sandbox?
Per-user, per-app sandbox.
The sandbox spans device and cloud.
Private vault: read/write (e.g., settings, search history).
Content storage: shared read-only, per-app (e.g., map data, media).

How does the aggregate channel work?
Example ad: "Just set it and forget it! The Ronco Showtime Rotisserie Oven".
Aggregate channel (shared, write only): one counter per ad, e.g., a counter for ad x, written by the app and read by the publisher.
Releasing true counter values would enable the app to signal to the publisher.
Instead, random noise is added to the counter (counter for ad x + noise) before release.
πbox uses differential privacy to bound the information leak.
See the paper for other types of counters (delayed, top-k).
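The following is an added illustration of the aggregate-channel idea from the slides above; it is not πbox's own code, and the names, the per-channel epsilon budget and the refuse-when-exhausted rule are assumptions made for this example. Apps inside the sandbox may only increment a per-ad counter; only the platform releases a value to the publisher, and it adds Laplace noise scaled to 1/epsilon so that any single user's increment changes the released distribution by at most a factor of e^epsilon. Releasing the exact count would let the app signal to the publisher through the value itself, which is the leak the slides warn about.

```python
import random
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Added example, not πbox's own code. Assumptions: one user contributes at most
# one increment per counter per event (sensitivity 1), each release consumes part
# of a fixed epsilon budget (sequential composition), and the channel refuses to
# release once that budget would be exceeded.

SENSITIVITY = 1  # one increment changes a count by at most 1


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) sample: the difference of two Exp(1) variates, scaled."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def noise_scale(epsilon: float) -> float:
    """Laplace scale giving epsilon-differential privacy for a count query."""
    return SENSITIVITY / epsilon


@dataclass
class AggregateChannel:
    """Write-only, per-ad counters: apps increment, only the platform releases."""

    total_epsilon: float
    rng: random.Random = field(default_factory=random.Random)
    _counts: Dict[str, int] = field(default_factory=dict)
    _spent: float = 0.0

    def increment(self, ad_id: str) -> None:
        """The only operation an app in the sandbox may perform on the channel."""
        self._counts[ad_id] = self._counts.get(ad_id, 0) + SENSITIVITY

    def platform_count(self, ad_id: str) -> int:
        """True count, visible to the platform only, never to the app or publisher."""
        return self._counts.get(ad_id, 0)

    def release(self, ad_id: str, epsilon: float) -> Optional[float]:
        """Noisy count for the publisher, or None once the budget would be exceeded."""
        if epsilon <= 0 or self._spent + epsilon > self.total_epsilon + 1e-12:
            return None
        self._spent += epsilon
        return self.platform_count(ad_id) + laplace_noise(noise_scale(epsilon), self.rng)

    def spent(self) -> float:
        """Epsilon consumed so far by releases on this channel."""
        return self._spent


def demo_release(seed: int = 7) -> Tuple[int, Optional[float], Optional[float], Optional[float]]:
    """Constructed scenario: 40 views of ad x, then three releases of 0.5 epsilon each
    against a total budget of 1.0; the third release must be refused."""
    channel = AggregateChannel(total_epsilon=1.0, rng=random.Random(seed))
    for _ in range(40):
        channel.increment("ad-x")
    true_count = channel.platform_count("ad-x")
    first = channel.release("ad-x", epsilon=0.5)
    second = channel.release("ad-x", epsilon=0.5)
    refused = channel.release("ad-x", epsilon=0.5)
    return true_count, first, second, refused


if __name__ == "__main__":
    true_count, first, second, refused = demo_release()
    print("true count (platform only):", true_count)
    print("released to publisher:", first, second)
    print("third release refused, budget exhausted:", refused is None)
```

The publisher never sees 40 exactly; each release is 40 plus Laplace noise of scale 2, and once the 1.0 budget is spent further releases are refused rather than leaking more. The slides' delayed and top-k counters are not modelled here.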
How does the sharing channel work?
Three questions: what is shared, when it is shared, with whom it is shared.
Dialog box displayed by πbox: πbox asks whom to share with, then confirms the content to share.
Users know when and with whom sharing occurs.
Users may not know what is shared (steganography).
It is difficult for publishers to gain access to private data.

What guarantees are provided to users?
Extended sandbox: strong confinement.
Aggregate channel (counter for ad x + noise): bounded information leak.
Sharing channel: controlled sharing.
The privacy level shown to the user depends on which channels the app uses:
Extended sandbox only: USER WELCOME, NO RISK TO PRIVACY.
Extended sandbox + aggregate channel: USER GUIDANCE SUGGESTED, MINIMAL RISK TO PRIVACY.
Extended sandbox + aggregate channel + sharing channel: USER STRONGLY CAUTIONED, MAY LEAK INFORMATION WHEN SHARING.

What is the applicability and overhead of πbox?
Three questions:
1. Can real applications benefit from πbox?
2. How much implementation effort is needed to use πbox?
3. What is the overhead of using πbox?

[Chart: Google Play app categories, paid vs. free, classified by privacy level. Categories: Arcade/Action, Books, Brain/Puzzles, Business, Cards/Casino, Casual, Comics, Communication, Education, Entertainment, Finance, Health/Fitness, Lifestyle, Live Wallpaper, Media/Video, Medical, Music/Audio, News/Magazines, Personalization, Photography, Productivity, Racing, Shopping, Social, Sports, Sports Games, Tools, Transportation, Travel/Local, Weather.]
% of paid apps are green (the percentage is missing from the transcript); 67% of free apps are yellow.
From Google Play (as of Feb. 2013). Based on the developer's description. Core functionality only.

Case studies
Password Manager: USER WELCOME, NO RISK TO PRIVACY.
Transcription with feedback: USER GUIDANCE SUGGESTED, MINIMAL RISK TO PRIVACY.
News Reader with ads and sharing: USER STRONGLY CAUTIONED, MAY LEAK INFORMATION WHEN SHARING.
OsmAnd, open-source navigation app: changed 174 lines (out of 119,147); USER WELCOME, NO RISK TO PRIVACY.
ServStream, open-source media streaming app: changed 133 lines (out of 13,193); USER WELCOME, NO RISK TO PRIVACY.

Server overheads
[Chart: latency (ms) and throughput (ops/sec) with and without πbox, light workload; calculating SHA256 over server-generated 1 MB data.]

Summary
πbox protects users' privacy from untrusted apps and provides explicit and simple privacy guarantees.
Thank you!