Information Flow Control for Location-based Services

This paper presents a framework for preserving location privacy without degrading the quality of service. In this framework, a service migrates a piece of code to a trusted server that is assumed to hold the location information of all subjects of interest. The code executes on the trusted server, reads the location information and sends back only its results. We present Non-inference, an information-flow control model that guarantees that the migrated code does not leak exact location information. We discuss the design, implementation and evaluation of a static program analysis technique that enforces non-inference for location-based services.
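The abstract describes the enforcement step only in outline: code migrated to the trusted server may read exact coordinates, but the result it sends back must not reveal them. The following added example is not the paper's non-inference analysis and not code from the authors; it is an illustrative, conservative information-flow checker in the classic lattice style that a reviewer could use to see the shape of such a check. It assumes hypothetical names: `exact_location` is the only secret source, `coarsen` and `within_radius` are trusted coarsening primitives whose results count as public, and the `return` value of each service function is the only sink sent back to the service. It tracks explicit flows through assignments and implicit flows through `if` conditions (a "pc" label), treats a variable as secret for the rest of the function once it has been assigned from secret data, and rejects any statement form it does not model.

```python
import ast

# Hypothetical names for this illustration; the paper defines its own primitives.
SOURCES = {"exact_location"}                   # returns precise coordinates (secret)
DECLASSIFIERS = {"coarsen", "within_radius"}   # trusted coarsening, result is public


def _expr_secret(node, tainted):
    """True if evaluating `node` may depend on exact location data."""
    if isinstance(node, ast.Call):
        func = node.func
        fname = func.id if isinstance(func, ast.Name) else getattr(func, "attr", "")
        if fname in DECLASSIFIERS:
            return False            # trusted coarsening releases a public value
        if fname in SOURCES:
            return True             # reading the exact location is the secret source
        # any other call: secret if the receiver or any argument is secret
        return any(_expr_secret(c, tainted) for c in ast.iter_child_nodes(node))
    if isinstance(node, ast.Name):
        return node.id in tainted
    # attributes, tuples, comparisons, arithmetic: secret if any operand is
    return any(_expr_secret(c, tainted) for c in ast.iter_child_nodes(node))


def _check_body(stmts, tainted, pc, violations):
    """Walk a statement list; `pc` is True inside a branch guarded by secret data."""
    for s in stmts:
        if isinstance(s, ast.Assign):
            if pc or _expr_secret(s.value, tainted):
                # monotone: once a variable holds secret data it stays secret
                for target in s.targets:
                    for n in ast.walk(target):
                        if isinstance(n, ast.Name):
                            tainted.add(n.id)
        elif isinstance(s, ast.If):
            branch_pc = pc or _expr_secret(s.test, tainted)
            _check_body(s.body, tainted, branch_pc, violations)
            _check_body(s.orelse, tainted, branch_pc, violations)
        elif isinstance(s, ast.Return):
            # the returned value is what gets sent back to the service (the sink);
            # returning inside a secret-guarded branch leaks the guard's outcome
            if pc or (s.value is not None and _expr_secret(s.value, tainted)):
                violations.append(s.lineno)
        elif isinstance(s, ast.Expr):
            continue                 # a bare expression statement has no sink here
        else:
            violations.append(s.lineno)   # unmodelled statement: reject conservatively


def check_service_code(src):
    """Map each top-level function in `src` to line numbers of leaking returns."""
    tree = ast.parse(src)
    result = {}
    for fn in tree.body:
        if isinstance(fn, ast.FunctionDef):
            violations = []
            _check_body(fn.body, set(), False, violations)
            result[fn.name] = violations
    return result


# Constructed sample of migrated service code, not from the paper.
SAMPLE = '''
def nearest_store_ok(subject, store):
    loc = exact_location(subject)
    # releases only a coarse answer: inside the 2 km radius or not
    return within_radius(loc, store, 2000)

def leak_direct(subject, store):
    loc = exact_location(subject)
    return loc.lat, loc.lon

def leak_implicit(subject, store):
    loc = exact_location(subject)
    answer = "far"
    if loc.lat > 52.0:
        answer = "north"
    return answer

def coarse_grid_ok(subject, store):
    cell = coarsen(exact_location(subject), 1000)
    return cell
'''

if __name__ == "__main__":
    for name, lines in check_service_code(SAMPLE).items():
        status = "ok" if not lines else "LEAKS at line(s) %s" % lines
        print("%-18s %s" % (name, status))
```

The two accepted functions release only the output of a trusted coarsening primitive; `leak_direct` returns the raw coordinates, and `leak_implicit` returns a public-looking string whose value was chosen inside a branch on the exact latitude, which is exactly the implicit flow a purely syntactic "does it mention `loc`" filter would miss.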
