Nokia Research Center

Privacy Policies Change

Management for

Smartphones

Debmalya Biswas

Nokia Research Center, Switzerland

MUCS 20121

Nokia Research Center

Smart phones

Sensors

The average smartphone nowadays consists of many sensors:

• GPS

• Accelerometer

• Bluetooth, Wifi

• Proximity

• Rotation

• Magnetometer

• Ambient Light

MUCS 20122

Nokia Research Center

Smart phones

Intelligent and Contextual Apps

• GPS – Real-time precise location

• Accelerometer - Activity, e.g. the speed at which the user is moving his

hand

• Compass – the direction

• Bluetooth – Nearby people

Traditional input devices, e.g. Camera, Microphone

and

sources of information, e.g Messeges, Address book, Pics, Vids (file

system in general)

MUCS 20123

Nokia Research Center

State of the Art

Install-time verification

• Certification: Centrazilized certification by the App Store

• Capabilities based access control model:

• Capabilites here refers to group of phone resources

• Apps have to declare the phone capabilities/resources they need to access

• If allowed by user, the app is installed with tokens to access the requested resources.

• Certification + Capabilities

Many real-life cases of malicious apps bypassing the above safeguards.

MUCS 20124

Nokia Research Center

Missing Aspects

Run-time parameters

• Frequency: An app A is allowed to access a sensor S only with a certain

frequency.

• A weather app does not need to access your location every 5 seconds.

Contextual parameters

• Time, Location:

• An app A is NOT allowed to access the phone’s camera/microphone when the user is in

(location) Offce.

MUCS 20125

Nokia Research Center

Real-time and Contextual Policies

• Sequence of invocation:

• Implicitly includes the list of allowed sensors

• Frequency: of access f.

• Time range: (sT, eT) and r.

• r refers to the recurrence patterns e.g. daily, weekly, yearly

• Location: Set of allowed locations L.

• Can refer to both geogrpahic (e.g. city, country) and semantic locations (e.g. home, office)

MUCS 20126

Nokia Research Center

Policy Language

Metric Temporal Logic

• Only sensors s1, s2 and s3 can be invoked; s2 within 30 mins of s1’s

invocation, folllowed by s3 within the next 40 minutes.

• Logical operators: AND ˄, OR ˅, NOT¬

• Temporal operators: Past ♦, Furture ◊

• Metric: Quantification [sT, eT]

Formalism can be used to express both App profiles AP and User

privacy policies uP.

MUCS 20127

Nokia Research Center

Conflict Detection

App profile aP:

sens(s1,fa, …, {l1,la}) ˄ ◊[5,15] sens(s2,f2, …)

User privacy profile uP:

sens(s1,fu, …, {l1,lu})

• List of sensors:

• Conflict: s2 is not allowed by user

• Frequency:

• Conflict: fa > fu

• Location:

• Conflict: la is not allowed by user

MUCS 20128

Nokia Research Center

Conflict Resolution

App profile aP:

sens(s1,fa, …, {l1,la}) ˄ ◊[5,15] sens(s2,f2, …)

User privacy profile uP:

sens(s1,fu, …, {l1,lu})

• Reject the app.

• Relax user privacy profile:

• uP: sens(s1,fa, …, {l1,lu,la}) ˄ ◊[5,15]

sens(s2,f2, …)

MUCS 20129

Nokia Research Center

Policy Evolution

App profile aP:

sens(s1,fa, …, {l1,la}) ˄ ◊[5,15] sens(s2,f2, …)

User privacy profile uP:

sens(s1,fu, …, {l1,lu})

• Relax:

• uP: sens(s1,fa, …, {l1,lu,la}) ˄ ◊[5,15]

sens(s2,f2, …)

• Restrict:

• uP: sens(s1,fa, …, {l1,la}) ˄ ◊[5,15]

sens(s2,f2, …)

MUCS 201210

Nokia Research Center

Policy Evolution

• Policies evolve over time

• Security advisories

• Change in physical characteristics, e.g. location, occupation

• Restrict:

• Re-evaluate already installed apps to see if they are still compliant

• Relax:

• Re-evaluate previously rejected apps to see if they are now compliant

• Maintain log of rejected apps categorized by their conflict types

• Relax + Restrict:

• Policy change can be both relaxing and restricting at the same time

MUCS 201211

Nokia Research Center

Conclusion

• Problem: Regulating access by 3rd party apps to sensors on the phones.

• Expressive install-time privacy policy language

• Run-time and contextual parameters

• Temporal Logics based conflict detect and resolution.

• Policy evolution categorization

• Can lead to installation of previously rejected apps

• Automated validation of installed apps in the event of any policy changes

MUCS 201212

Nokia Research Center

Thank You

&

Questions

MUCS 201213