Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Paper in proceeding, 2018
This paper focuses on tracking information flow in the presence of delayed output. We motivate the need to address delayed output in the domains of IoT apps and email marketing. We discuss the threat of privacy leaks via delayed output in code published by malicious app makers on popular IoT app platforms. We discuss the threat of privacy leaks via delayed output in non-malicious code on popular platforms for email-driven marketing. We present security characterizations of projected noninterference and projected weak secrecy to capture information flows in the presence of delayed output in malicious and non-malicious code, respectively. We develop two security type systems: for information flow control in potentially malicious code and for taint tracking in non-malicious code, engaging read and write security types to soundly enforce projected noninterference and projected weak secrecy.
Author
Iulia Bastys
Chalmers, Computer Science and Engineering (Chalmers), Information Security
Frank Piessens
KU Leuven
Andrei Sabelfeld
Chalmers, Computer Science and Engineering (Chalmers), Information Security
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 11252 LNCS 19-37
23rd Nordic Conference on Secure IT Systems, NordSec 2018
Oslo, Norway,
Oslo, Norway,
Subject Categories
Computer and Information Science
DOI
10.1007/978-3-030-03638-6_2