Sensibility testbed: Automated IRB policy enforcement in mobile research apps

Yanyan Zhuang; Albert Rafetseder; Yu Hu; Yuan Tian; Justin Cappos

doi:10.1145/3177102.3177120

Sensibility testbed: Automated IRB policy enforcement in mobile research apps

Yanyan Zhuang, Albert Rafetseder, Yu Hu, Yuan Tian, Justin Cappos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

Original language	English (US)
Title of host publication	HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
Publisher	Association for Computing Machinery, Inc
Pages	113-118
Number of pages	6
Volume	2018-February
ISBN (Electronic)	9781450356305
DOIs	https://doi.org/10.1145/3177102.3177120
State	Published - Feb 12 2018
Event	19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018 - Tempe, United States Duration: Feb 12 2018 → Feb 13 2018

Other

Other	19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018
Country	United States
City	Tempe
Period	2/12/18 → 2/13/18

Fingerprint

Testbeds

Application programs

Mobile devices

Smartphones

Network protocols

Keywords

Policy enforcement
Privacy protections

ASJC Scopus subject areas

Human-Computer Interaction
Computer Science Applications
Software
Computer Networks and Communications

Cite this

Zhuang, Y., Rafetseder, A., Hu, Y., Tian, Y., & Cappos, J. (2018). Sensibility testbed: Automated IRB policy enforcement in mobile research apps. In HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications (Vol. 2018-February, pp. 113-118). Association for Computing Machinery, Inc. https://doi.org/10.1145/3177102.3177120

Sensibility testbed : Automated IRB policy enforcement in mobile research apps. / Zhuang, Yanyan; Rafetseder, Albert; Hu, Yu; Tian, Yuan; Cappos, Justin.

HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February Association for Computing Machinery, Inc, 2018. p. 113-118.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhuang, Y, Rafetseder, A, Hu, Y, Tian, Y & Cappos, J 2018, Sensibility testbed: Automated IRB policy enforcement in mobile research apps. in HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. vol. 2018-February, Association for Computing Machinery, Inc, pp. 113-118, 19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018, Tempe, United States, 2/12/18. https://doi.org/10.1145/3177102.3177120

Zhuang Y, Rafetseder A, Hu Y, Tian Y, Cappos J. Sensibility testbed: Automated IRB policy enforcement in mobile research apps. In HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February. Association for Computing Machinery, Inc. 2018. p. 113-118 https://doi.org/10.1145/3177102.3177120

Zhuang, Yanyan ; Rafetseder, Albert ; Hu, Yu ; Tian, Yuan ; Cappos, Justin. / Sensibility testbed : Automated IRB policy enforcement in mobile research apps. HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February Association for Computing Machinery, Inc, 2018. pp. 113-118

@inproceedings{aa90510f3c154c0ba107c9aef3ca46aa,

title = "Sensibility testbed: Automated IRB policy enforcement in mobile research apps",

abstract = "Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.",

keywords = "Policy enforcement, Privacy protections",

author = "Yanyan Zhuang and Albert Rafetseder and Yu Hu and Yuan Tian and Justin Cappos",

year = "2018",

month = "2",

day = "12",

doi = "10.1145/3177102.3177120",

language = "English (US)",

volume = "2018-February",

pages = "113--118",

booktitle = "HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications",

publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - Sensibility testbed

T2 - Automated IRB policy enforcement in mobile research apps

AU - Zhuang, Yanyan

AU - Rafetseder, Albert

AU - Hu, Yu

AU - Tian, Yuan

AU - Cappos, Justin

PY - 2018/2/12

Y1 - 2018/2/12

N2 - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

AB - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

KW - Policy enforcement

KW - Privacy protections

UR - http://www.scopus.com/inward/record.url?scp=85048520047&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85048520047&partnerID=8YFLogxK

U2 - 10.1145/3177102.3177120

DO - 10.1145/3177102.3177120

M3 - Conference contribution

AN - SCOPUS:85048520047

VL - 2018-February

SP - 113

EP - 118

BT - HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications

PB - Association for Computing Machinery, Inc

ER -

Access to Document

10.1145/3177102.3177120