Controlling the release of private information using static flow analysis
Abstract
A privacy control system is described herein for controlling dissemination of private information by a program. The privacy control system operates by performing static analysis to determine at least one flow within the program of private information, from a source to a sink. The static analysis is particularly configured to identify two types of flow, including: (a) an unvetted flow of untampered private information from the source to the sink; and (b) a flow of tampered private information from the source to the sink, whether vetted or unvetted. The privacy control system then prompts the user to provide a privacy control decision regarding the flow. The privacy control decision governs whether actual data or anonymized data is provided to the sink, or whether the program is terminated. A runtime system then runs the program in accordance with the privacy control decision.
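The abstract describes a static analysis that finds source-to-sink flows of private data and reports a flow when it is tampered, or untampered but never confirmed by the user. The following is an added illustration of that classification, not code from the patent: it runs a forward taint analysis over a constructed toy straight-line IR (the statement shapes, variable names, and source/sink names are all assumptions made for this example).

```python
from dataclasses import dataclass, replace
# Toy straight-line IR (constructed for this example):
#   ("source", var, name)    var receives private data from a named source
#   ("copy", dst, src)       untampered copy of src into dst
#   ("transform", dst, src)  program modifies the data (tampered)
#   ("confirm", var)         user is shown var and asked to confirm sending it
#   ("sink", var, name)      var leaves the program via a named sink

@dataclass(frozen=True)
class Taint:
    source: str
    tampered: bool = False
    vetted: bool = False

def unsafe(tampered, vetted):
    """Policy from the abstract: tampered flows are always reported, untampered
    flows only when the user was given no opportunity to confirm them."""
    return tampered or not vetted

def analyze(program):
    """Forward taint propagation; returns (source, sink, tampered, vetted) per flow."""
    taints = {}  # variable -> set of Taint records that may reach it
    flows = []
    for stmt in program:
        op, var = stmt[0], stmt[1]
        if op == "source":
            taints[var] = {Taint(stmt[2])}
        elif op in ("copy", "transform"):
            taints[var] = {replace(t, tampered=t.tampered or op == "transform")
                           for t in taints.get(stmt[2], set())}
        elif op == "confirm":
            taints[var] = {replace(t, vetted=True) for t in taints.get(var, set())}
        elif op == "sink":
            for t in sorted(taints.get(var, set()), key=lambda t: t.source):
                flows.append((t.source, stmt[2], t.tampered, t.vetted))
    return flows

PROGRAM = [  # constructed sample program
    ("source", "loc", "gps"),
    ("copy", "shown", "loc"), ("confirm", "shown"),
    ("sink", "shown", "maps_api"),      # untampered and vetted: not reported
    ("transform", "enc", "loc"),
    ("sink", "enc", "ad_network"),      # tampered: reported even if vetted
    ("source", "book", "addressbook"),
    ("sink", "book", "cloud_backup"),   # untampered but never confirmed
]

def report(program=PROGRAM):
    return [(s, k, "unsafe" if unsafe(t, v) else "ok") for s, k, t, v in analyze(program)]
```

The `report` output is the flow information a consent-solicitation step would present, after which the user's decision (actual data, anonymized data, or termination) would be applied at runtime.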
17 Claims
1. A method, performed by computing functionality, for controlling dissemination of private information by a program, comprising the following steps as executed on a computing device comprising at least a processing device executing instructions maintained by a memory:
- receiving an analysis-invoking event;
- in response to the analysis-invoking event, performing static analysis to determine at least one flow within the program of private information from a source to a sink, the flow being determined to be unsafe based on a policy, wherein the flow determined to be unsafe comprises at least one of a flow of tampered private information from the source to the sink, the tampered private information corresponding to private information that is tampered with within the program prior to being sent to the sink, and a flow of untampered private information from the source to the sink, where a user is not given an opportunity to confirm the flow of the untampered private information; and
- providing flow information to the user regarding the flow that has been determined by the static analysis, for use by the user in controlling the dissemination of the private information to the sink.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computer readable storage device for storing computer readable instructions, the computer readable instructions providing a privacy control system when executed by one or more processing devices, the computer readable instructions comprising:
- logic configured to receive an analysis-invoking event; and
- logic configured to perform static analysis, in response to the analysis-invoking event, to determine at least one tampered flow of private information within a program from a source to a sink, or untampered-unvetted flow, the tampered flow corresponding to a flow in which private information is received from the source, tampered by the program, and sent to the sink in tampered form; and the untampered-unvetted flow corresponding to a flow in which the private information is not tampered, but in which the user is not given an opportunity to confirm the flow of the private information.
(Dependent claims: 9, 10, 11, 12, 13)
14. A computer system comprising one or more processing devices that execute instructions stored in a memory, for controlling dissemination of private information by a program, and further comprising an executable consent solicitation module, the consent solicitation module comprising:
- logic configured to display a graphical user interface presentation to a user, the graphical user interface presentation conveying flow information regarding a flow of private information within a program that has been determined by static analysis, the graphical user interface presentation presenting at least one of two types of flow, the two types including: a flow of untampered private information from a source to a sink, where the user is not given an opportunity to confirm the flow of the untampered private information; and a flow of tampered private information from the source to the sink, the tampered private information corresponding to private information that is tampered by the program prior to being sent to the sink.
(Dependent claims: 15, 16, 17)
Specification