Abstract
This paper focuses on tracking information flow in the presence of delayed output. We motivate the need to address delayed output in the domains of IoT apps and email marketing. We discuss the threat of privacy leaks via delayed output in code published by malicious app makers on popular IoT app platforms. We discuss the threat of privacy leaks via delayed output in non-malicious code on popular platforms for email-driven marketing. We present security characterizations of projected noninterference and projected weak secrecy to capture information flows in the presence of delayed output in malicious and non-malicious code, respectively. We develop two security type systems: for information flow control in potentially malicious code and for taint tracking in non-malicious code, engaging read and write security types to soundly enforce projected noninterference and projected weak secrecy.
Cite
CITATION STYLE
Bastys, I., Piessens, F., & Sabelfeld, A. (2018). Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11252 LNCS, pp. 19–37). Springer Verlag. https://doi.org/10.1007/978-3-030-03638-6_2
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
