{"title":"智能家居应用程序自动生成隐私策略","authors":"Youqun Li, Yichi Zhang, Haojin Zhu, Suguo Du","doi":"10.1109/INFOCOMWKSHPS51825.2021.9484530","DOIUrl":null,"url":null,"abstract":"Modern Smart Home platforms offer various applications, which should follow the platform privacy policies so that end users and regulators are informed of Sensitive Personal Information (SPI) related operations. However, the generalized privacy policies by Smart Home platforms fail to explain specific SPI related operations for individual applications. Meanwhile, according to previous works, potential SPI leaks may occur due to insufficient surveillance. In this paper, we propose the first system to automatically generate fine-grained privacy policies for individual applications through static code analysis and natural language techniques. First, from the code we extract the control flow graph and the SPI data flows. Then, we use a Naive Bayes model to transfer the data flows into verb-object phrases. Finally, we populate a pre-prepared privacy policy template with the previously generated phrases. We evaluate our system on Samsung SmartThings platform. The experimental results show that: 1) Our system can accurately extract SPI related operations from Smart Home applications; 2) The privacy policies created by our system are fine-grained and easily understandable; 3) We demonstrate the efficacy of the proposed system on a real world data-set of almost 250 apps.","PeriodicalId":109588,"journal":{"name":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Toward Automatically Generating Privacy Policy for Smart Home Apps\",\"authors\":\"Youqun Li, Yichi Zhang, Haojin Zhu, Suguo Du\",\"doi\":\"10.1109/INFOCOMWKSHPS51825.2021.9484530\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern Smart Home platforms offer various applications, which should follow the platform privacy policies so that end users and regulators are informed of Sensitive Personal Information (SPI) related operations. However, the generalized privacy policies by Smart Home platforms fail to explain specific SPI related operations for individual applications. Meanwhile, according to previous works, potential SPI leaks may occur due to insufficient surveillance. In this paper, we propose the first system to automatically generate fine-grained privacy policies for individual applications through static code analysis and natural language techniques. First, from the code we extract the control flow graph and the SPI data flows. Then, we use a Naive Bayes model to transfer the data flows into verb-object phrases. Finally, we populate a pre-prepared privacy policy template with the previously generated phrases. We evaluate our system on Samsung SmartThings platform. The experimental results show that: 1) Our system can accurately extract SPI related operations from Smart Home applications; 2) The privacy policies created by our system are fine-grained and easily understandable; 3) We demonstrate the efficacy of the proposed system on a real world data-set of almost 250 apps.\",\"PeriodicalId\":109588,\"journal\":{\"name\":\"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-05-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484530\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484530","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Toward Automatically Generating Privacy Policy for Smart Home Apps
Modern Smart Home platforms offer various applications, which should follow the platform privacy policies so that end users and regulators are informed of Sensitive Personal Information (SPI) related operations. However, the generalized privacy policies by Smart Home platforms fail to explain specific SPI related operations for individual applications. Meanwhile, according to previous works, potential SPI leaks may occur due to insufficient surveillance. In this paper, we propose the first system to automatically generate fine-grained privacy policies for individual applications through static code analysis and natural language techniques. First, from the code we extract the control flow graph and the SPI data flows. Then, we use a Naive Bayes model to transfer the data flows into verb-object phrases. Finally, we populate a pre-prepared privacy policy template with the previously generated phrases. We evaluate our system on Samsung SmartThings platform. The experimental results show that: 1) Our system can accurately extract SPI related operations from Smart Home applications; 2) The privacy policies created by our system are fine-grained and easily understandable; 3) We demonstrate the efficacy of the proposed system on a real world data-set of almost 250 apps.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
