Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Paper in proceedings, 2018

This paper focuses on tracking information flow in the presence of delayed output. We motivate the need to address delayed output in the domains of IoT apps and email marketing. We discuss the threat of privacy leaks via delayed output in code published by malicious app makers on popular IoT app platforms. We discuss the threat of privacy leaks via delayed output in non-malicious code on popular platforms for email-driven marketing. We present security characterizations of projected noninterference and projected weak secrecy to capture information flows in the presence of delayed output in malicious and non-malicious code, respectively. We develop two security type systems: for information flow control in potentially malicious code and for taint tracking in non-malicious code, engaging read and write security types to soundly enforce projected noninterference and projected weak secrecy.

Author

Iulia Bastys

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Frank Piessens

KU Leuven

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11252 LNCS 19-37

23rd Nordic Conference on Secure IT Systems, NordSec 2018
Oslo, Norway,

Subject Categories

Computer and Information Science

DOI

10.1007/978-3-030-03638-6_2

More information

Latest update

1/11/2019