Sensibility testbed

Automated IRB policy enforcement in mobile research apps

Yanyan Zhuang, Albert Rafetseder, Yu Hu, Yuan Tian, Justin Cappos

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

    Original languageEnglish (US)
    Title of host publicationHotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications
    PublisherAssociation for Computing Machinery, Inc
    Pages113-118
    Number of pages6
    Volume2018-February
    ISBN (Electronic)9781450356305
    DOIs
    StatePublished - Feb 12 2018
    Event19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018 - Tempe, United States
    Duration: Feb 12 2018Feb 13 2018

    Other

    Other19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018
    CountryUnited States
    CityTempe
    Period2/12/182/13/18

    Fingerprint

    Testbeds
    Application programs
    Mobile devices
    Smartphones
    Network protocols

    Keywords

    • Policy enforcement
    • Privacy protections

    ASJC Scopus subject areas

    • Human-Computer Interaction
    • Computer Science Applications
    • Software
    • Computer Networks and Communications

    Cite this

    Zhuang, Y., Rafetseder, A., Hu, Y., Tian, Y., & Cappos, J. (2018). Sensibility testbed: Automated IRB policy enforcement in mobile research apps. In HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications (Vol. 2018-February, pp. 113-118). Association for Computing Machinery, Inc. https://doi.org/10.1145/3177102.3177120

    Sensibility testbed : Automated IRB policy enforcement in mobile research apps. / Zhuang, Yanyan; Rafetseder, Albert; Hu, Yu; Tian, Yuan; Cappos, Justin.

    HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February Association for Computing Machinery, Inc, 2018. p. 113-118.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Zhuang, Y, Rafetseder, A, Hu, Y, Tian, Y & Cappos, J 2018, Sensibility testbed: Automated IRB policy enforcement in mobile research apps. in HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. vol. 2018-February, Association for Computing Machinery, Inc, pp. 113-118, 19th International Workshop on Mobile Computing Systems and Applications, HotMobile 2018, Tempe, United States, 2/12/18. https://doi.org/10.1145/3177102.3177120
    Zhuang Y, Rafetseder A, Hu Y, Tian Y, Cappos J. Sensibility testbed: Automated IRB policy enforcement in mobile research apps. In HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February. Association for Computing Machinery, Inc. 2018. p. 113-118 https://doi.org/10.1145/3177102.3177120
    Zhuang, Yanyan ; Rafetseder, Albert ; Hu, Yu ; Tian, Yuan ; Cappos, Justin. / Sensibility testbed : Automated IRB policy enforcement in mobile research apps. HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications. Vol. 2018-February Association for Computing Machinery, Inc, 2018. pp. 113-118
    @inproceedings{aa90510f3c154c0ba107c9aef3ca46aa,
    title = "Sensibility testbed: Automated IRB policy enforcement in mobile research apps",
    abstract = "Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.",
    keywords = "Policy enforcement, Privacy protections",
    author = "Yanyan Zhuang and Albert Rafetseder and Yu Hu and Yuan Tian and Justin Cappos",
    year = "2018",
    month = "2",
    day = "12",
    doi = "10.1145/3177102.3177120",
    language = "English (US)",
    volume = "2018-February",
    pages = "113--118",
    booktitle = "HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications",
    publisher = "Association for Computing Machinery, Inc",

    }

    TY - GEN

    T1 - Sensibility testbed

    T2 - Automated IRB policy enforcement in mobile research apps

    AU - Zhuang, Yanyan

    AU - Rafetseder, Albert

    AU - Hu, Yu

    AU - Tian, Yuan

    AU - Cappos, Justin

    PY - 2018/2/12

    Y1 - 2018/2/12

    N2 - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

    AB - Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks. In this work, we present a platform, Sensibility Testbed, for automated enforcement of the privacy policies set by IRBs. Our platform enforces such policies when a researcher runs code on mobile devices. The enforcement mechanism is a set of obfuscation layers in a secure sandbox, that can be customized for any level of IRB compliance, and can be augmented by policies set by the device owner.

    KW - Policy enforcement

    KW - Privacy protections

    UR - http://www.scopus.com/inward/record.url?scp=85048520047&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85048520047&partnerID=8YFLogxK

    U2 - 10.1145/3177102.3177120

    DO - 10.1145/3177102.3177120

    M3 - Conference contribution

    VL - 2018-February

    SP - 113

    EP - 118

    BT - HotMobile 2018 - Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications

    PB - Association for Computing Machinery, Inc

    ER -