Abstract
Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.
Original language | English (US) |
---|---|
Title of host publication | HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications |
Publisher | Association for Computing Machinery, Inc |
Pages | 113-118 |
Number of pages | 6 |
Volume | 2018-February |
ISBN (Electronic) | 9781450356305 |
DOIs | |
State | Published - Feb 12 2018 |
Event | 19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018 - Tempe, United States Duration: Feb 12 2018 → Feb 13 2018 |
Other
Other | 19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018 |
---|---|
Country | United States |
City | Tempe |
Period | 2/12/18 → 2/13/18 |
Fingerprint
Keywords
- Policy enforcement
- Privacy protections
ASJC Scopus subject areas
- Human-Computer Interaction
- Computer Science Applications
- Software
- Computer Networks and Communications
Cite this
Sensibility testbed : Automated IRB policy enforcement in mobile research apps. / Zhuang, Yanyan; Rafetseder, Albert; Hu, Yu; Tian, Yuan; Cappos, Justin.
HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February Association for Computing Machinery, Inc, 2018. p. 113-118.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Sensibility testbed
T2 - Automated IRB policy enforcement in mobile research apps
AU - Zhuang, Yanyan
AU - Rafetseder, Albert
AU - Hu, Yu
AU - Tian, Yuan
AU - Cappos, Justin
PY - 2018/2/12
Y1 - 2018/2/12
N2 - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.
AB - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.
KW - Policy enforcement
KW - Privacy protections
UR - http://www.scopus.com/inward/record.url?scp=85048520047&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048520047&partnerID=8YFLogxK
U2 - 10.1145/3177102.3177120
DO - 10.1145/3177102.3177120
M3 - Conference contribution
AN - SCOPUS:85048520047
VL - 2018-February
SP - 113
EP - 118
BT - HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
PB - Association for Computing Machinery, Inc
ER -