Visible to the public Viola: Trustworthy Sensor Notifications for Enhanced Privacy on Mobile Systems

TitleViola: Trustworthy Sensor Notifications for Enhanced Privacy on Mobile Systems
Publication TypeConference Paper
Year of Publication2016
AuthorsMirzamohammadi, Saeed, Amiri Sani, Ardalan
Conference NameProceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4269-8
Keywordscomposability, indicators, invariants, mobile systems, notifications, pubcrawl, Sensors, trustworthiness, trustworthy, verification, virtualization
Abstract

Modern mobile systems such as smartphones, tablets, and wearables contain a plethora of sensors such as camera, microphone, GPS, and accelerometer. Moreover, being mobile, these systems are with the user all the time, e.g., in user's purse or pocket. Therefore, mobile sensors can capture extremely sensitive and private information about the user including daily conversations, photos, videos, and visited locations. Such a powerful sensing capability raises important privacy concerns. To address these concerns, we believe that mobile systems must be equipped with trustworthy sensor notifications, which use indicators such as LED to inform the user unconditionally when the sensors are on. We present Viola, our design and implementation of trustworthy sensor notifications, in which we leverage two novel solutions. First, we deploy a runtime monitor in low-level system software, e.g., in the operating system kernel or in the hypervisor. The monitor intercepts writes to the registers of sensors and indicators, evaluates them against checks on sensor notification invariants, and rejects those that fail the checks. Second, we use formal verification methods to prove the functional correctness of the compilation of our invariant checks from a high-level language. We demonstrate the effectiveness of Viola on different mobile systems, such as Nexus 5, Galaxy Nexus, and ODROID XU4, and for various sensors and indicators, such as camera, microphone, LED, and vibrator. We demonstrate that Viola incurs almost no overhead to the sensor's performance and incurs only small power consumption overhead.

URLhttp://doi.acm.org/10.1145/2906388.2906391
DOI10.1145/2906388.2906391
Citation Keymirzamohammadi_viola:_2016