With digital distribution platforms (for instance, Google Play and Apple iTunes), users can
choose third-party applications among thousands of options. However, many of these
applications send data to, and receive data from, their remote services. The user might have
no control over the data that is shared with the service provider, and in some cases does not
even know that it is being shared.
As an example, consider the Twitter mobile application. During installation, it requests
permission to access both the Internet and the user's contact list. However, it was noticed
that the application secretly uploaded data from the contact list to the Twitter servers.
After this episode became public, the application was changed to notify the user about the
data sharing.
This project aims to provide solutions that prevent information leakage from third-party
applications by controlling the flow of information.
We propose an architectural solution based on a two-stage execution environment. In this
solution, the application has two sequential states: unsealed (the initial state) and
sealed (the final state). Once the application has changed to the sealed state, it can
terminate but cannot go back to the unsealed state. The main idea is that the application
has access to sensitive information (or generates sensitive information) only in the
sealed mode, and can communicate with third parties only in the unsealed mode.
All data access is mediated by a trusted component such as the kernel. In addition:
Raul Herbster, Scott DellaTorre, Peter Druschel, Bobby Bhattacharjee.
Paper, ACM MobiSys'16, June 2016.
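As an added illustration of the policy described above (example code, not the project's own implementation), the following Python model has a trusted monitor mediate every sensitive-data read and every network send, enforces the one-way unsealed-to-sealed transition, and shows an app's attempted contact-list upload being blocked. The names TrustedMonitor, AppCapsule and leaky_app_run, the hostname, and the sample contact list are assumptions made for the example.

```python
# Added example (not the project's code): a minimal model of the two-stage
# execution environment. Policy as stated in the text: network only while
# unsealed, sensitive data only while sealed, and sealing is one-way.
class PolicyViolation(Exception):
    pass

class AppCapsule:
    def __init__(self, name):
        self.name, self.sealed, self.audit = name, False, []

    def seal(self):
        # Irreversible: there is deliberately no unseal() operation.
        self.sealed = True
        self.audit.append("seal")

class TrustedMonitor:
    """Stands in for the kernel component that mediates all data access."""
    def __init__(self, contacts):
        self._contacts = list(contacts)  # constructed sample data

    def read_contacts(self, app):
        if not app.sealed:
            app.audit.append("deny:read_contacts")
            raise PolicyViolation("sensitive data only in sealed mode")
        app.audit.append("allow:read_contacts")
        return list(self._contacts)

    def send(self, app, host, payload):
        if app.sealed:
            app.audit.append("deny:send:" + host)
            raise PolicyViolation("network only in unsealed mode")
        app.audit.append("allow:send:" + host)
        return len(payload)

def leaky_app_run(monitor):
    """An app that tries to upload the contact list; returns its audit trail."""
    app = AppCapsule("contacts-uploader")
    monitor.send(app, "api.example.invalid", b"hello")  # allowed: unsealed
    try:
        monitor.read_contacts(app)  # denied: still unsealed
    except PolicyViolation:
        pass
    app.seal()
    contacts = monitor.read_contacts(app)  # allowed: sealed
    try:
        monitor.send(app, "api.example.invalid", ",".join(contacts).encode())
    except PolicyViolation:
        pass  # denied: the upload of contacts is blocked
    return app.audit
```

The audit trail returned by leaky_app_run is the evidence a defender would log: the only denied send is the one that happens after sensitive data has been read.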