DOCSLIB.ORG

ENTRUST: Regulating Sensor Access by Cooperating

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
ENTRUST: Regulating Sensor Access by Cooperating ENTRUST: Regulating Sensor Access by Cooperating Programs via Delegation Graphs Giuseppe Petracca, Pennsylvania State University, US; Yuqiong Sun, Symantec Research Labs, US; Ahmad-Atamli Reineh, Alan Turing Institute, UK; Patrick McDaniel, Pennsylvania State University, US; Jens Grossklags, Technical University of Munich, DE; Trent Jaeger, Pennsylvania State University, US https://www.usenix.org/conference/usenixsecurity19/presentation/petracca This paper is included in the Proceedings of the 28th USENIX Security Symposium. August 14–16, 2019 • Santa Clara, CA, USA 978-1-939133-06-9 Open access to the Proceedings of the 28th USENIX Security Symposium is sponsored by USENIX. EnTrust: Regulating Sensor Access by Cooperating Programs via Delegation Graphs Giuseppe Petracca Yuqiong Sun Ahmad-Atamli Reineh Penn State University, US Symantec Research Labs, US Alan Turing Institute, UK [email protected] [email protected] [email protected] Patrick McDaniel Jens Grossklags Trent Jaeger Penn State University, US Technical University of Munich, DE Penn State University, US [email protected] [email protected] [email protected] Abstract For instance, modern operating systems now ship with Modern operating systems support a cooperating pro- voice-controlled personal assistants that may enlist apps gram abstraction that, instead of placing all function- and other system services to fulfill user requests, reach- ality into a single program, allows diverse programs to ing for a new horizon in human-computer interaction. cooperate to complete tasks requested by users. How- Unfortunately, system services are valuable targets ever, untrusted programs may exploit such interactions for adversaries because they often have more permis- to spy on users through device sensors by causing priv- sions than normal apps. In particular, system services ileged system services to misuse their permissions, or are automatically granted access to device sensors, such to forward user requests to malicious programs inadver- as the camera, microphone, and GPS. In one recent case tently. Researchers have previously explored methods reported by Gizmodo [1], a ride-sharing app took ad- to restrict access to device sensors based on the state of vantage of Apple iOS system services to track riders. the user interface that elicited the user input or based In this incident, whenever users asked their voice assis- on the set of cooperating programs, but the former ap- tant “Siri, I need a ride”, the assistant enlisted the ride- proach does not consider cooperating programs and the sharing app to process the request, which then leveraged latter approach has been found to be too restrictive for other system services to record the users’ device screens, many cases. In this paper, we propose EnTrust, an even while running in the background. Other online authorization system that tracks the processing of in- magazines have reported cases of real-world evidence put events across programs for eliciting approvals from that apps are maliciously colluding with one another to users for sensor operations. EnTrust constructs dele- collect and share users’ personal data [2, 3, 4]. gation graphs by linking input events to cooperation Such attacks are caused by system services being events among programs that lead to sensor operation tricked into using their permissions on behalf of mali- requests, then uses such delegation graphs for eliciting cious apps (confused deputy attacks [5, 6]), or malicious authorization decisions from users. To demonstrate this apps exploiting their own privileges to steal data, and approach, we implement the EnTrust authorization sys- a combination of the two. Researchers have previously tem for Android OS. In a laboratory study, we show that shown that such system services are prone to exploits attacks can be prevented at a much higher rate (47-67% that leverage permissions only available to system ser- improvement) compared to the first-use approach. Our vices [7]. Likewise, prior work has demonstrated that field study reveals that EnTrust only requires a user system services inadvertently or purposely (for function- effort comparable to the first-use approach while incur- ality reasons) depend on untrusted and possibly mali- ring negligible performance (<1% slowdown) and mem- cious apps to help them complete tasks [8]. ory overheads (5.5 KB per program). Such attacks are especially hard to prevent due to two information asymmetries. System services are being ex- 1 Introduction ploited when performing tasks on behalf of users, where: Modern operating systems, such as Android OS, Ap- (1) users do not know what processing will result from ple iOS, Windows Phone OS, and Chrome OS, support their requests and (2) services do not know what pro- a programming abstraction that enables programs to cessing users intended when making the request. Cur- cooperate to perform user commands via input event rent systems employ methods to ask users to authorize delegations. Indeed, an emergent property of modern program access to sensors, but to reduce users’ autho- operating systems is that system services are relatively rization effort they only ask on a program’s first useof simple, provide a specific functionality, and often rely on that permission. However, once authorized, a program the cooperation with other programs to perform tasks. can utilize that permission at will, enabling programs USENIX Association 28th USENIX Security Symposium 567 to spy on users as described above. To prevent such cooperating system services to obtain unauthorized ac- attacks, researchers have explored methods that bind cess to device sensors. At a high-level, our insight is to input events, including facets of the user interface used combine techniques that regulate IPC communications to elicit those inputs, to permissions to perform sen- of programs of different privilege levels with techniques sor operations [9, 10, 12]. Such methods ask users to that enable users to be aware of the permissions asso- authorize permissions for those events and reuse those ciated with an input event and decide whether to grant permissions when the same event is performed to re- such permissions for the identified flow context. The for- duce the user burden. Recent research extends the col- mer techniques identify how a task is “delegated” among lection of program execution context (e.g., data flows cooperating programs to restrict the permissions of the and/or GUI flows between windows) more comprehen- delegatee.1 The latter techniques expose more contex- sively to elicit user authorizations for sensitive opera- tual information to a user, which may be useful to make tions [16, 11]. However, none of these methods addresses effective authorization decisions. the challenge where an input event is delivered to one However, combining these two research threads re- program and then a sensor operation, in response to sults in several challenges. First, we must be able to that event, is requested by another program in a series associate input events with their resulting sensor oper- of inter-process communications, a common occurrence ations in other programs to authorize such operations in modern operating systems supporting the cooperat- relative to the input events and sequence of cooperating ing program abstraction. programs. Prior work does not track how processing re- Researchers have also explored methods to prevent sulting from input events is delegated across programs unauthorized access by regulating inter-process commu- [9, 10, 11, 12], but failing to do so results in attack nications (IPCs) and by reducing the permissions of pro- vectors exploitable by an adversary. In EnTrust, we grams that perform operations on behalf of other pro- construct delegation graphs that associate input events grams. First, prior work developed methods for block- with their resulting sensor operations across IPCs to ing IPC communications that violate policies specified authorize operations in other programs. by app developers [8, 18, 19, 21, 22]. However, such Second, multiple, concurrent input events and IPCs methods may prevent programs from cooperating as ex- may create ambiguity in tracking delegations across pro- pected. Decentralized information flow control [23, 24] cesses that must be resolved to ensure correct enforce- methods overcome this problem by allowing programs ment. Prior work either makes assumptions that are with the authority to make security decisions and make often too restrictive or require manual program annota- IPCs that may otherwise be blocked. Second, DIFC tions to express such security decisions. EnTrust lever- methods, like capability-based systems in general [34], ages the insights that input events are relatively infre- enable reduction of a program’s permissions (i.e., callee) quent, processed much more quickly than users can gen- when performing operations on behalf of other pro- erate distinct events, and are higher priority than other grams (i.e., callers). Initial proposals for reducing per- processing. It uses these insights to ensure that an un- missions simply intersected the parties’ permissions [7], ambiguous delegation path can be found connecting each which however was too restrictive because parties would input event and sensor operation, if one exists, with lit- have their permissions pruned after the interaction with tle impact on processing overhead. less privileged parties. DIFC methods, instead, provide Third, we must develop a method to determine
Load more

Recommended publications
  • Jarvis Application for Android
    Jarvis Application For Android Unenlightened or cultivated, Flemming never brims any hippocrases! Sometimes lithe Frank propound her luncher amiably, but placatory Myron inhumes fragilely or grudge assiduously. Irresolute Raleigh imagining or parchmentize some trekker refinedly, however autarchical Way worrit deceptively or knobs. We conquered bugs and its own virtual assistant apps for nearly any jarvis application for android to the android users interface design envisioned in the sample projects page with a permanent addition of them After all, set alarms, It offers higher personalization as you can choose a voice and create a name for the assistant. Amazon alexa devices and jarvis events you for jarvis app is jarvis app. Presence detected at kitchen and living rooms. VPN connection for a private internet experience. You will never miss any updates of your favorite games by turning on APKPure notifications when new updates are available. Then, it is easy and simple to use. Chat, Hollywood, and movies in many other languages. Marvel Universe that lets you contribute. App supports playback for fine virtual assistants for jarvis? Other than the basic assistant functions such as making calls, rather than check a global setting to allow installation from unknown sources, and quick. You can also visit a land of mushrooms if it sounds more like your cup of tea. You must try if you want only notes of your daily task and long dictations. Android market providing smartphones software downloads. This is because we can create a virtual machine image that already has most of the dependencies we need. CDN can quickly deliver your videos across the globe, the user does not need to set the alarm to a certain time themselves, Inc.
    [Show full text]
  • Regulating Access to System Sensors in Cooperating Programs
    Regulating Access to System Sensors in Cooperating Programs Giuseppe Petracca Jens Grossklags Patrick McDaniel Trent Jaeger Penn State University, US Technical University of Munich, DE Penn State University, US Penn State University, US [email protected] [email protected] [email protected] [email protected] Abstract—Modern operating systems such as Android, iOS, by Gizmodo [8]. Whenever users asked their voice assistants Windows Phone, and Chrome OS support a cooperating program “Siri, I need a ride”, the assistant launched the ride-sharing abstraction. Instead of placing all functionality into a single app. Leveraging the entitlement provided by the service, the program, programs cooperate to complete tasks requested by users. However, untrusted programs may exploit interactions app requested recording of users’ screens, even while running with other programs to obtain unauthorized access to system in the background. The ride-sharing app abused this service sensors either directly or through privileged services. Researchers to spy on users, while they were taking a ride. have proposed that programs should only be authorized to access However, voice assistants are just one type of application system sensors on a user-approved input event, but these methods that may be exploited by such types of attacks. Several do not account for possible delegation done by the program receiving the user input event. Furthermore, proposed delegation real-world incidents have been reported to the public, where methods do not enable users to control the use of their input malicious apps, able to track and spy on users by stealthily events accurately. In this paper, we propose ENTRUST, a system opening smartphones’ cameras, microphones, and GPS re- that enables users to authorize sensor operations that follow their ceivers, made their way through official stores such as the input events, even if the sensor operation is performed by a Apple App Store and the Google Play Store, after bypassing program different from the program receiving the input event.
    [Show full text]
  • Auswirkungen Von Big Data Auf Den Markt Der Onlinemedien
    AUSWIRKUNGEN VON BIG DATA AUF DEN MARKT DER ONLINE MEDIEN IM RAHMEN DES ABIDA - FORSCHUNGSPROJEKTES D E S B M B F FÖRDERKENNZEICHEN 01 | S 1 5 0 1 6 A ‐ F 01IS15016A- F Goldmedia GmbH Strategy Consulting Autoren: Prof. Dr. Klaus Goldhammer, Dr. André Wiegand, Tim Prien M.A., Ina Wylenga M.A. Unter Mitarbeit von: Franziska Busse, Sophie Seyffert und Andrea Hamm Oranienburger Str. 27, 10117 Berlin-Mitte, Germany Tel. +49 30-246 266-0, Fax +49 30-246 266-66 [email protected] Datum: 28.02.2018 ABIDA - ASSESSING BIG DATA PROJEKTLAUFZEIT 01.0 3 . 2 0 1 5 - 2 8 . 0 2 . 2 0 1 9 FÖRDERKENNZEICHEN 01 | S 1 5 0 1 6 A ‐ F Westfälische Wilhelms-Universität Münster, Institut für Informations-, Telekommunikations- und Medienrecht (ITM), Zivilrechtliche Abteilung Karlsruher Institut für Technologie, Institut für Technikfolgenabschätzung und Systemanalyse (ITAS) Leibniz Universität Hannover Institut für Rechtsinformatik (IRI) Technische Universität Dortmund, Wirtschafts- und Sozialwissenschaftliche Fakultät (WiSo) Techniksoziologie Ludwig-Maximilians-Universität München, Forschungsstelle für Information, Organisation und Management (IOM) Wissenschaftszentrum Berlin für Sozialforschung www.abida.de ABIDA - Assessing Big Data Über das Gutachten Das Gutachten wurde im Rahmen des ABIDA-Projekts mit Mitteln des Bundesministeriums für Bildung und Forschung erstellt. Der Inhalt des Gutachtens gibt ausschließlich die Auffassungen der Autoren wieder. Diese decken sich nicht automatisch mit denen des Ministeriums und/oder der einzelnen Projektpartner. ABIDA lotet
    [Show full text]
  • Protótipo Para Extração De Metadados De Vídeo
    Estágio Mestrado em Engenharia Informática – Computação Móvel Protótipo para Extração de Metadados de Vídeo Daniel dos Santos Vieira Leiria, agosto de 2017 Estágio Mestrado em Engenharia Informática – Computação Móvel Protótipo para Extração de Metadados de Vídeo Daniel dos Santos Vieira Estágio de Mestrado realizada sob a orientação de Vítor Manuel de Oliveira Pegado de Noronha e Távora, Professor da Escola Superior de Tecnologia e Gestão do Instituto Politécnico de Leiria. Leiria, agosto de 2017. Esta página foi intencionalmente deixada em branco ii Dedicatória Aos meus pais. iii Esta página foi intencionalmente deixada em branco iv Agradecimentos Com o término do presente Relatório de Estágio curricular não posso deixar de agradecer a algumas pessoas que, direta ou indiretamente, me ajudaram nesta caminhada tão importante da minha vida pessoal, académica e profissional. Em primeiro lugar, agradeço a orientação que o Professor Vitor Távora disponibilizou durante a elaboração do presente Relatório. Obrigada pelo profissionalismo que demonstrou ter. Foi um privilégio ser seu orientando. Agradeço ao corpo docente e não docente da Escola Superior de Tecnologia e Gestão de Leiria por terem feito com que me sentisse em "casa" na "vossa casa". Um muito obrigado aos amigos que fiz e trouxe comigo. Agradeço à Ana, ao Nélson e ao Diogo por suportarem o meu mau feitio. Por fim, mas não menos importante, agradeço à minha família pois sem ela dificilmente conseguiria chegar até aqui. Por estarem sempre lá para me amparar, para me criticar, e para me felicitar, fazendo-me sentir uma pessoa melhor. Agradeço à minha mãe por ter um gostinho especial de me colocar sempre à prova, e ao meu pai por esperar mais aquele bocadinho no carro enquanto eu terminava qualquer coisa na sala de estudo.
    [Show full text]
  • Conversational Artificial Intelligence: Bringing the Library to Your Living Room
    Conversational Artificial Intelligence: Bringing the Library to Your Living Room This project was made possible in part by a 2019 award from the Catalyst Fund at LYRASIS. Conversational Artificial Intelligence: Bringing the Library to Your Living Room by King County Library System is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. Based on a work at www.kcls.org/voice. TABLE OF CONTENTS 1. PROJECT GOAL ............................................................................................................................................. 2 2. PROJECT PROCESS ....................................................................................................................................... 2 A. What We Did .................................................................................................................................................................. 2 Policy Review ............................................................................................................................................................................. 2 Contract Review ....................................................................................................................................................................... 2 KCLS Community Input and Feedback ........................................................................................................................... 2 Library Interviews ..................................................................................................................................................................
    [Show full text]
  • This Draft of the 2021 CCCC Virtual Annual Convention Program Will Be Updated As Needed Prior to the Convention
    This draft of the 2021 CCCC Virtual Annual Convention program will be updated as needed prior to the Convention. On-Demand Sessions Access O-132 Undergraduate Researcher Poster Session On-Demand Session The annual undergraduate researcher poster session is organized by a multi-institutional team of faculty and students to encourage undergraduate participation at CCCC, to attract the field's future professionals, to extend the organization’s diversity, and to examine, support, and represent the growing presence of undergraduate research in rhetoric, composition, and communication. Chair: Jessie Moore, Elon University O-20 Poster Session On-Demand Session Language and Literacy Collaboratory Connections: A Study of Multilingual and ESL Students’ Interactions with Writing Centers This is a presentation from an undergraduate peer tutor to discuss the findings of a 2020 IRB-approved research study on the relationship between multilingual and ESL students and their writing center at an SLAC. The purpose of the study is to make the writing center a commonplace by practicing inclusivity. Speaker: Victoria Manzi, Centenary University, “Collaboratory Connections: A Study of Multilingual and ESL Students’ Interactions with Writing Centers” Information Literacy and Technology Engaging Academic Librarians to Collaboratively Build a Composition and Information Literacy OER Textbook This poster provides viewers with actionable suggestions for how to work with librarians to find, use, or build composition open-educational resources (OER) textbooks that incorporate information literacy based on the authors’ experiences in adapting multiple existing OER texts into a new OER textbook. Chair and Speaker: Kathy Anders, Texas A&M University Speakers: Sarah LeMire, Texas A&M University Terri Pantuso, Texas A&M University First-Year Writing Experiential Learning as Antiracist Pedagogy in Composition Courses This poster will use both autoethnography and student writing to outline the impact of service-learning as antiracist praxis in the composition classroom.
    [Show full text]
  • On Transparency and Accountability of Smart Assistants in Smart Cities
    applied sciences Article On Transparency and Accountability of Smart Assistants in Smart Cities Haroon Elahi, Guojun Wang * , Tao Peng and Jianer Chen School of Computer Science, Guangzhou University, Guangzhou 510006, China; [email protected] (H.E.); [email protected] (T.P.); [email protected] (J.C.) * Correspondence: [email protected] Received: 1 November 2019; Accepted: 4 December 2019; Published: 6 December 2019 Abstract: Smart Assistants have rapidly emerged in smartphones, vehicles, and many smart home devices. Establishing comfortable personal spaces in smart cities requires that these smart assistants are transparent in design and implementation—a fundamental trait required for their validation and accountability. In this article, we take the case of Google Assistant (GA), a state-of-the-art smart assistant, and perform its diagnostic analysis from the transparency and accountability perspectives. We compare our discoveries from the analysis of GA with those of four leading smart assistants. We use two online user studies (N = 100 and N = 210) conducted with students from four universities in three countries (China, Italy, and Pakistan) to learn whether risk communication in GA is transparent to its potential users and how it affects them. Our research discovered that GA has unusual permission requirements and sensitive Application Programming Interface (API) usage, and its privacy requirements are not transparent to smartphone users. The findings suggest that this lack of transparency makes the risk assessment and accountability of GA difficult posing risks to establishing private and secure personal spaces in a smart city. Following the separation of concerns principle, we suggest that autonomous bodies should develop standards for the design and development of smart city products and services.
    [Show full text]
  • Telephone Directory
    United States Department of State Telephone Directory This customized report includes the following section(s): Organizational Directory 9/30/2021 Provided by Global Information Services, A/GIS Cover UNCLASSIFIED Organizational Directory United States Department of State 2201 C Street NW, Washington, DC 20520 Office of the Secretary (S) Operations Center (S/ES-O) Director Belinda K Jackson Farrier 7419A 202-647-2523 Secretary Deputy Director for the Watch Jeremy Beer 7419A 202-647-2522 Secretary of State of the United States Antony J 202-647-4000 Acting Deputy Director for Crisis Management and 202-647-7640 Blinken HST 7226 Strategy Jim Jay 7428 Chief of Staff Suzy George HST 7234A 202-647-4000 (24 Hour Per Day) Senior Watch Officer 7427 202-647-1512 Executive Assistant Timmy Davis HST 7226 202-647-4000 Military Representative Lt Col Hank Chilcoat 7427 202-647-6097 Deputy Chief of Staff for Policy Thomas Sullivan 202-647-4000 (24 Hours Per Day) Editor 7427 202-647-1512 HST 7226A (24 Hours Per Day) The Watch 7427 202-647-1512 Deputy Chief of Staff for Operations Jessica Wright 202-647-4000 CMS Crisis Management and Strategy 7428 202-647-7640 HST 7226 Emergency and Evacuations Planning CMS Staff 202-647-7640 Office Manager to the Secretary Debra Filipp HST 202-647-4000 7428 7226 Emergency Relocation CMS Staff 7428 202-647-7640 Office Manager to the Secretary Andrea Miller HST 202-647-4000 7226 Task Force 5 Task Force 5 7522 202-485-1888 Office Manager to the Chief of Staff Moises 202-647-4000 Task Force 6 Task Force 6 1410 202-647-4888 Benhabib HST 7234A Director of Scheduling for the Secretary of State 202-647-4000 Office of the Executive Director (S/ES-EX) Sarah McCool HST 7234 Executive Director, Deputy Executive Secretary 202-647-6167 Trip Director for the Secretary of State Evan Glover 202-647-4000 Dwayne Cline 7507 HST 7234 Deputy Executive Director Michelle Ward 7507 202-647-6167 Special Assistant to the Secretary Kate Hoops HST 202-647-4000 7226 Budget Officer Reginald J.
    [Show full text]
  • The Brave New World of Digital Personal Assistants: Benefits and Challenges from an Economic Perspective
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Budzinski, Oliver; Noskova, Victoriia; Zhang, Xijie Working Paper The brave new world of digital personal assistants: Benefits and challenges from an economic perspective Ilmenau Economics Discussion Papers, No. 118 Provided in Cooperation with: Ilmenau University of Technology, Institute of Economics Suggested Citation: Budzinski, Oliver; Noskova, Victoriia; Zhang, Xijie (2018) : The brave new world of digital personal assistants: Benefits and challenges from an economic perspective, Ilmenau Economics Discussion Papers, No. 118, Technische Universität Ilmenau, Institut für Volkswirtschaftslehre, Ilmenau This Version is available at: http://hdl.handle.net/10419/191021 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte. may exercise further usage rights as specified in the indicated licence. www.econstor.eu Ilmenau University of Technology Institute of Economics ________________________________________________________ Ilmenau Economics Discussion Papers, Vol.
    [Show full text]
  • Download Firmware for Android Tv Box
    Download firmware for android tv box Continue JARVIS is a very familiar personal assistant, designed by Tony Stark in the Iron Man films to manage almost everything in Tony's life. In real life you can also have your virtual assistant in the form of a mobile app. Personal Assistant apps can answer your questions, organize calls, events, and schedule meetings. They've been around for a long time, with Apple's Siri being the first to become available in the consumer market. Now we have a plethora of reliable and consistent assistant apps such as Google Assistant, Microsoft Cortana, Amazon Alexa and more. Almost all android devices come with Google Assistant. But the following Jarvis apps will provide a different feature and a more personalized experience. Why are personal assistant apps so popular these days? Personal assistant apps have existed for a while, but it was Marvel's Ironman first to spark their popularity with its personalized AI assistant called Jarvis. Jarvis helped Tony Stark during his ventures, and provided valuable insights into his insight. What is a personal assistant app? This is an application with a built-in artificial intelligence assistant that will help you get through your daily tasks much easier than you would without it. How does the personal assistant app work? As mentioned above, these applications use artificial intelligence (AI) and machine learning (ML) algorithms to learn from your experience and curate it in a way that is more help to yourself. While AI cannot be achieved in a common goal, today's helpers help assist and organize users gathered in one place.
    [Show full text]
  • The Economist Commodity-Price Index
    Welcome shiyi18 Search The Economist My account Manage my newsletters Log out Sunday September 5th 2010 Site feedback Home Print edition September 4th 2010 This week's print edition The web's new walls Previous print editions Subscribe Daily news analysis How the threats to the Aug 28th 2010 Subscribe to the print edition Opinion internet's openness can be Aug 21st 2010 All opinion Or buy a Web subscription for averted: leader Aug 14th 2010 full access online Leaders Aug 7th 2010 Letters to the Editor Jul 31st 2010 RSS feeds Columns KAL's cartoons More print editions and Receive this page by RSS feed Correspondent's diary covers » Economist debates The world this week World All world Politics this week Politics this week Business this week International KAL's cartoon United States Technology Quarterly The Americas Asia Leaders Monitor Africa Memory upgrade Middle East The internet Europe The web's new walls Monitor Britain An online medic Pakistan's cricket scandal Special reports Crossing the boundary Monitor Business and finance Powering up All business and finance South Africa's politics Business this week Zuma's two bad calls Monitor Economics focus A suit that can sing and hear Global economic policy Business education Monetary illusions Monitor Which MBA? Gently does it Management Japan Economics A-Z Self-destruction Monitor Ruses to cut printing costs Economics All Economics Letters Monitor Markets and Data Correct me if I'm wrong... Daily chart On industrial policy, Lexington, Australian elections, Weekly indicators Club Med,
    [Show full text]
  • Entrust: Regulating Sensor Access by Cooperating Programs Via Delegation Graphs
    EnTrust: Regulating Sensor Access by Cooperating Programs via Delegation Graphs Giuseppe Petracca Yuqiong Sun Ahmad-Atamli Reineh Penn State University, US Symantec Research Labs, US Alan Turing Institute, London, UK [email protected] [email protected] [email protected] Jens Grossklags Patrick McDaniel Trent Jaeger Technical University of Munich, DE Penn State University, US Penn State University, US [email protected] [email protected] [email protected] Abstract For instance, modern operating systems now ship with Modern operating systems support a cooperating pro- voice-controlled personal assistants that may enlist apps gram abstraction that, instead of placing all function- and other system services to fulfill user requests, reach- ality into a single program, allows diverse programs to ing for a new horizon in human-computer interaction. cooperate to complete tasks requested by users. How- Unfortunately, system services are valuable targets ever, untrusted programs may exploit such interactions for adversaries because they often have more permis- to spy on users through device sensors by causing priv- sions than normal apps. In particular, system services ileged system services to misuse their permissions, or are automatically granted access to device sensors, such to forward user requests to malicious programs inadver- as the camera, microphone, and GPS. In one recent case tently. Researchers have previously explored methods reported by Gizmodo [1], a ride-sharing app took ad- to restrict access to device sensors
    [Show full text]