Controlling the release of private information using static flow analysis

US 9,104,528 B2
Filed: 12/08/2011
Issued: 08/11/2015
Est. Priority Date: 12/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method, performed by computing functionality, for controlling dissemination of private information by a program, comprising the following steps as executed on a computing device comprising at least a processing device executing instructions maintained by a memory:

receiving an analysis-invoking event;

in response to the analysis-invoking event, performing static analysis to determine at least one flow within the program of private information from a source to a sink, the flow being determined to be unsafe based on a policy, wherein the flow determined to be unsafe comprises at least one of a flow of tampered private information from the source to the sink, the tampered private information corresponding to private information that is tampered with within the program prior to being sent to the sink, and a flow of untampered private information from the source to the sink, where a user is not given an opportunity to confirm the flow of the untampered private information; and

providing flow information to the user regarding the flow that has been determined by the static analysis, for use by the user in controlling the dissemination of the private information to the sink.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy control system is described herein for controlling dissemination of private information by a program. The privacy control system operates by performing static analysis to determine at least one flow within the program of private information, from a source to a sink. The static analysis is particularly configured to identify two types of flow, including: (a) an unvetted flow of untampered private information from the source to the sink; and (b) a flow of tampered private information from the source to the sink, whether vetted or unvetted. The privacy control system then prompts the user to provide a privacy control decision regarding the flow. The privacy control decision governs whether actual data or anonymized data is provided to the sink, or whether the program is terminated. A runtime system then runs the program in accordance with the privacy control decision.

Citations

17 Claims

1. A method, performed by computing functionality, for controlling dissemination of private information by a program, comprising the following steps as executed on a computing device comprising at least a processing device executing instructions maintained by a memory:
- receiving an analysis-invoking event;
  
  in response to the analysis-invoking event, performing static analysis to determine at least one flow within the program of private information from a source to a sink, the flow being determined to be unsafe based on a policy, wherein the flow determined to be unsafe comprises at least one of a flow of tampered private information from the source to the sink, the tampered private information corresponding to private information that is tampered with within the program prior to being sent to the sink, and a flow of untampered private information from the source to the sink, where a user is not given an opportunity to confirm the flow of the untampered private information; and
  
  providing flow information to the user regarding the flow that has been determined by the static analysis, for use by the user in controlling the dissemination of the private information to the sink.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the static analysis comprises using a fixed-point algorithm to iteratively determine all flows of private information from a set of possible sources to a set of possible sinks.
  - 3. The method of claim 1, further comprising:
    - receiving a presentation-invoking event;
      
      in response to the presentation-invoking event, presenting the flow information regarding the flow that has been determined to be unsafe by the static analysis;
      
      prompting the user to provide a privacy control decision regarding the flow; and
      
      running the program in accordance with the privacy control decision.
  - 4. The method of claim 3, wherein said presenting comprises displaying a graphical user interface presentation that depicts the flow information, where, in that graphical user interface presentation, the sink and source are assigned respective graphical symbols.
  - 5. The method of claim 3, wherein the privacy control decision governs whether actual data or anonymized data is provided to the sink.
  - 6. The method of claim 3, wherein the privacy control decision governs whether the program is terminated.
  - 7. The method of claim 3, further comprising applying a default privacy control decision to the flow, and wherein said prompting asks the user to maintain or modify the default privacy control decision.

8. A computer readable storage device for storing computer readable instructions, the computer readable instructions providing a privacy control system when executed by one or more processing devices, the computer readable instructions comprising:
- logic configured to receive an analysis-invoking event; and
  
  logic configured to perform static analysis, in response to the analysis-invoking event, to determine at least one tampered flow of private information within a program from a source to a sink, or untampered-unvetted flow,the tampered flow corresponding to a flow in which private information is received from the source, tampered by the program, and sent to the sink in tampered form; and
  
  the untampered-unvetted flow corresponding to a flow in which the private information is not tampered, but in which the user is not given an opportunity to confirm the flow of the private information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer readable storage medium of claim 8, wherein the private information is tampered in a manner that is not readily detectable by a user.
  - 10. The computer readable storage medium of claim 8, further comprising:
    - logic configured to receive a presentation-invoking event; and
      
      logic configured to present flow information regarding the tampered flow and the untampered-unvetted flow that have been determined by the static analysis.
  - 11. The computer readable storage medium of claim 10, further comprising:
    - logic configured to prompt the user to provide a privacy control decision regarding each flow of private information; and
      
      logic configured to receive each privacy control decision from the user,wherein each privacy control decision governs a manner of running the program with respect to each flow of private information.
  - 12. The computer readable storage medium of claim 11, wherein each privacy control decision governs whether actual data or anonymized data is provided to a sink associated with a flow.
  - 13. The computer readable storage medium of claim 11, wherein each privacy control decision governs whether the program is terminated.

14. A computer system comprising one or more processing devices that execute instructions stored in a memory, for controlling dissemination of private information by a program, and further comprising an executable consent solicitation module, the consent solicitation module comprising:
- logic configured to display a graphical user interface presentation to a user, the graphical user interface presentation conveying flow information regarding a flow of private information within a program that has been determined by static analysis,the graphical user interface presentation presenting at least one of two types of flow, the two types including;
  
  a flow of untampered private information from a source to a sink, where the user is not given an opportunity to confirm the flow of the untampered private information; and
  
  a flow of tampered private information from the source to the sink, the tampered private information corresponding to private information that is tampered by the program prior to being sent to the sink.
- View Dependent Claims (15, 16, 17)
- - 15. The computer system of claim 14, further comprising:
    - logic configured to prompt the user, via the graphical user interface presentation, to specify a privacy control decision as to whether actual data or anonymized data is provided by the flow to the sink, or whether the program is to be terminated; and
      
      logic configured to receive the privacy control decision from the user.
  - 16. The computer system of claim 15, further comprising logic configured to apply a default privacy control decision to the flow, and wherein said logic configured to prompt is configured to prompt the user to maintain or modify the default privacy control decision.
  - 17. The computer system of claim 15, further comprising logic configured to invite a user to choose actual data for all identified flows or to choose anonymized data for all identified flows.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Xiao, Xusheng, Tillmann, Nikolai, Fahndrich, Manuel A., de Halleux, Jonathan Paul, Moskal, Michal J.
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US13/314,212
Publication Number

US 20130152154A1
Time in Patent Office

1,342 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 17/00   Digital computing or data p...

G06F 21/00   Security arrangements for p...

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/033   Test or assess software

H04W 12/02   Protecting privacy or anony...

H04W 12/63   Location-dependent; Proximi...

Controlling the release of private information using static flow analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling the release of private information using static flow analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links