Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Buchtitelbild

2019 | OriginalPaper | Buchkapitel

Fine-Grained Privacy Control for Fitness and Health Applications Using the Privacy Management Platform

verfasst von : Christoph Stach

Erschienen in: Information Systems Security and Privacy

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Due to the Internet of Things, novel types of sensors are integrated into everyday objects. A domain that benefits most is the fitness and health domain. With the advent of the so-called Smartbands—i. e., bracelets or watches with built-in sensors such as heart rate sensors, location sensors, or even glucose meters—novel fitness and health application are made possible. That way a quantified self can be created. Despite all the advantages that such applications entail, new privacy concerns arise.
These applications collect and process sensitive health data. Users are concerned by reports about privacy violations. These violations are enabled by inherent security vulnerabilities and deficiencies in the privacy systems of mobile platforms. As none of the existing privacy approaches is designed for the novel challenges arising from Smartband applications, we discuss, how the Privacy Policy Model (PPM), a fine-grained and modular expandable permission model, can be applied to this application area. This model is implemented in the Privacy Management Platform (PMP). Thus the outcomes of this work can be leveraged directly. Evaluation results underline the benefits of our work for Smartband applications.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Nächstes Kapitel Touch and Move: Incoming Call User Authentication
Fußnoten
2
The data type Location is not supported by AIDL. Additional type definitions are required to compile this interface definition.
 
Literatur
1.
Albaghli, R., Anderson, K.M.: A vision for heart rate health through wearables. In: Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct, UbiComp 2016, pp. 1101–1105 (2016)
2.
Alpers, S., Pieper, M., Wagner, M.: Herausforderungen bei der Entwicklung von Anwendungen zum Selbstdatenschutz. In: Informatik 2017: Digitale Kulturen, Tagungsband der 47. Jahrestagung der Gesellschaft für Informatik e.V. (GI), 25.9-29.9.2017, Chemnitz. LNI, vol. 275, pp. 1061–1072 (2017). (in German)
3.
4.
Banuri, H., et al.: An Android runtime security policy enforcement framework. Pers. Ubiquit. Comput. 16(6), 631–641 (2012)CrossRef
5.
Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 73–84 (2010)
6.
Barrera, D., Van Oorschot, P.: Secure software installation on Smartphones. IEEE Secur. Priv. 9(3), 42–48 (2011)CrossRef
7.
Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: trading privacy for application functionality on Smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile 2011, pp. 49–54 (2011)
8.
9.
Böhme, R., Grossklags, J.: The security cost of cheap user interaction. In: Proceedings of the 2011 New Security Paradigms Workshop, NSPW 2011, pp. 67–82 (2011)
10.
Chan, M., Estève, D., Fourniols, J.Y., Escriba, C., Campo, E.: Smart wearable systems: current status and future challenges. Artif. Intell. Med. 56(3), 137–156 (2012)CrossRef
11.
12.
Conti, M., Zachia-Zlatea, I., Crispo, B.: Mind how you answer me!: transparently authenticating the user of a Smartphone when answering or placing a call. In: Proceedings of the 6\(^{\rm th}\) ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 249–259 (2011)
13.
Davis, B., Chen, H.: RetroSkeleton: retrofitting Android apps. In: Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2013, pp. 181–192 (2013)
14.
Davis, B., Sanders, B., Khodaverdian, A., Chen, H.: I-ARM-Droid: a rewriting framework for in-app reference monitors for Android applications. In: Proceedings of the 2012 IEEE Conference on Mobile Security Technologies, MoST 2012, pp. 28:1–28:9 (2012)
15.
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on Smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, pp. 393–407 (2010)
16.
Felt, A.P., Egelman, S., Finifter, M., Akhawe, D., Wagner, D.: How to ask for permission. In: Proceedings of the 7th USENIX Conference on Hot Topics in Security, HotSec 2012, pp. 1–6 (2012)
17.
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS 2012, pp. 3:1–3:14 (2012)
18.
19.
20.
Giebler, C., Stach, C.: Datenschutzmechanismen für Gesundheitsspiele am Beispiel von Secure Candy Castle. In: Tagungsband der 15. GI-Fachtagung Datenbanksysteme für Business, Technologie und Web, BTW 2017, pp. 311–320 (2017). (in German)
21.
22.
Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock Android Smartphones. In: Proceedings of the 2012 Network and Distributed System Security Symposium, NDSS 2012, pp. 7/5:1–7/5:15 (2012)
23.
24.
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 639–652 (2011)
25.
Hsu, H.H., Peng, W.J., Shih, T.K., Pai, T.W., Man, K.L.: Smartphone indoor localization with accelerometer and gyroscope. In: Proceedings of the 2014 17th International Conference on Network-Based Information Systems, NBiS 2014, pp. 465–469 (2014)
26.
Jeon, J., et al.: Dr. Android and Mr. Hide: fine-grained permissions in Android applications. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2012, pp. 3–14 (2012)
27.
Jiang, W., Yin, Z.: Human activity recognition using wearable sensors by deep convolutional neural networks. In: Proceedings of the 23rd ACM International Conference on Multimedia, MM 2015, pp. 1307–1310 (2015)
28.
29.
Khatoon, A., Corcoran, P.: Android permission system and user privacy – a review of concept and approaches. In: Proceedings of the 2017 IEEE 7th International Conference on Consumer Electronics - Berlin, ICCE-Berlin 2017, pp. 153–158 (2017)
30.
Khorakhun, C., Bhatti, S.N.: mHealth through quantified-self: a user study. In: Proceedings of the 2015 17th International Conference on E-health Networking, Application & Services, HealthCom 2015, pp. 329–335 (2015)
31.
Kitagawa, M., et al.: Market share: final PCs, ultramobiles and mobile phones, all countries, 1Q18 update. Gartner, Inc., Technical report (2018)
32.
Knighten, J., McMillan, S., Chambers, T., Payton, J.: Recognizing social gestures with a wrist-worn Smartband. In: Proceedings of the 2015 IEEE International Conference on Pervasive Computing and Communication Workshops, WristSense 2015, pp. 544–549 (2015)
33.
Knöll, M.: “On the top of high towers ...” discussing locations in a mobile health game for diabetics. In: Proceedings of the 2010 IADIS International Conference Game and Entertainment Technologies, MCCSIS 2010, pp. 61–68 (2010)
34.
Knöll, M., Moar, M.: On the importance of locations in therapeutic serious games: review on current health games and how they make use of the urban landscape. In: Proceedings of the 2011 5th International Conference on Pervasive Computing Technologies for Healthcare and Workshops, PervasiveHealth 2011, pp. 538–545 (2011)
35.
Lee, M., Lee, K., Shim, J., Cho, S.j., Choi, J.: Security threat on wearable services: empirical study using a commercial Smartband. In: Proceedings of the IEEE International Conference on Consumer Electronics-Asia, ICCE-Asia 2016, pp. 1–5 (2016)
36.
Leontiadis, I., Efstratiou, C., Picone, M., Mascolo, C.: Don’t kill my ads!: balancing privacy in an ad-supported mobile application market. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, HotMobile 2012, pp. 2:1–2:6 (2012)
37.
Martin, D., Vicente, O., Vicente, S., Ballesteros, J., Maynar, M.: I will prescribe you an app. In: Proceedings of the 2014 Summer Simulation Multiconference, SummerSim 2014, pp. 58:1–58:8 (2014)
38.
39.
Mazzoleni, P., Crispo, B., Sivasubramanian, S., Bertino, E.: XACML policy integration algorithms. ACM Trans. Inform. Syst. Secur. 11(1), 4:1–4:29 (2008)CrossRef
40.
Mohamed, I., Patel, D.: Android vs iOS security: a comparative study. In: Proceedings of the 2015 12th International Conference on Information Technology - New Generations, ITNG 2015, pp. 725–730 (2015)
41.
Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 328–332 (2010)
42.
43.
Pombo, N., Garcia, N.M.: ubiSleep: an ubiquitous sensor system for sleep monitoring. In: Proceedings of the 2016 IEEE 12th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2016, pp. 1–4 (2016)
44.
Reeder, B., David, A.: Health at hand: a systematic review of smart watch uses for health and wellness. J. Biomed. Inform. 63, 269–276 (2016)CrossRef
45.
Ringer, T., Grossman, D., Roesner, F.: AUDACIOUS: user-driven access control with unmodified operating systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 204–216 (2016)
46.
Russello, G., Crispo, B., Fernandes, E., Zhauniarovich, Y.: YAASE: yet another Android security extension. In: Proceedings of the 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing, PASSAT 2011, pp. 1033–1040 (2011)
47.
Saracino, A., Martinelli, F., Alboreto, G., Dini, G.: Data-Sluice: fine-grained traffic control for Android application. In: Proceedings of the 2016 IEEE Symposium on Computers and Communication, ISCC 2016, pp. 702–709 (2016)
48.
Sbîrlea, D., Burke, M.G., Guarnieri, S., Pistoia, M., Sarkar, V.: Automatic detection of inter-application permission leaks in Android applications. IBM J. Res. Dev. 57(6), 10:1–10:12 (2013)CrossRef
49.
Shahmohammadi, F., Hosseini, A., King, C.E., Sarrafzadeh, M.: Smartwatch based activity recognition using active learning. In: Proceedings of the Second IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2017, pp. 321–329 (2017)
50.
Siewiorek, D.: Generation Smartphone. IEEE Spectr. 49(9), 54–58 (2012)CrossRef
51.
Stach, C.: How to assure privacy on Android phones and devices? In: Proceedings of the 2013 IEEE 14\(^{\rm th}\) International Conference on Mobile Data Management, MDM 2013, pp. 350–352 (2013)
52.
Stach, C.: Wie funktioniert Datenschutz auf Mobilplattformen? In: Informatik 2013: Informatik angepasst an Mensch, Organisation und Umwelt, Tagungsband der 43. Jahrestagung der Gesellschaft für Informatik e.V. (GI), 16.9-20.9.2013, Koblenz. LNI, vol. 220, pp. 2072–2086 (2013). (in German)
53.
Stach, C.: How to deal with third party apps in a privacy system – the PMP Gatekeeper. In: Proceedings of the 2015 IEEE 16th International Conference on Mobile Data Management, MDM 2015, pp. 167–172 (2015)
54.
Stach, C.: Secure Candy Castle – a prototype for privacy-aware mHealth apps. In: Proceedings of the 2016 IEEE 17th International Conference on Mobile Data Management, MDM 2016, pp. 361–364 (2016)
55.
Stach, C.: Big brother is smart watching you: privacy concerns about health and fitness applications. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, pp. 13–23 (2018)
56.
Stach, C., et al.: PATRON – Datenschutz in Datenstromverarbeitungssystemen. In: Informatik 2017: Digitale Kulturen, Tagungsband der 47. Jahrestagung der Gesellschaft für Informatik e.V. (GI), 25.9-29.9.2017, Chemnitz. LNI, vol. 275, pp. 1085–1096 (2017). (in German)
57.
Stach, C., Dürr, F., Mindermann, K., Palanisamy, S.M., Wagner, S.: How a pattern-based privacy system contributes to improve context recognition. In: Proceedings of the 2018 IEEE International Conference on Pervasive Computing and Communications Workshops, CoMoRea 2018, pp. 238–243 (2018)
58.
Stach, C., Mitschang, B.: Privacy management for mobile platforms - a review of concepts and approaches. In: Proceedings of the 2013 IEEE 14th International Conference on Mobile Data Management, MDM 2013, pp. 305–313 (2013)
59.
Stach, C., Mitschang, B.: Design and implementation of the Privacy Management Platform. In: Proceedings of the 2014 IEEE 15th International Conference on Mobile Data Management, MDM 2014, pp. 69–72 (2014)
60.
Stach, C., Mitschang, B.: ACCESSORS: a data-centric permission model for the Internet of Things. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, pp. 30–40 (2018)
61.
Stach, C., Schlindwein, L.F.M.: Candy Castle – a prototype for pervasive health games. In: Proceedings of the 2012 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom 2012, pp. 501–503 (2012)
62.
Stach, C., Steimle, F., Mitschang, B.: The Privacy Management Platform: an enabler for device interoperability and information security in mHealth applications. In: Proceedings of the 11th International Conference on Health Informatics, HEALTHINF 2018, pp. 27–38 (2018)
63.
64.
Steimle, F., Wieland, M., Mitschang, B., Wagner, S., Leymann, F.: Extended provisioning, security and analysis techniques for the ECHO health data management system. Computing 99(2), 183–201 (2017)MathSciNetCrossRef
65.
Wakabayashi, D.: Freed from the iPhone, the Apple watch finds a medical purpose. The New York Times 12(27), B1 (2017)
66.
Weiser, M.: The computer for the 21st century. Sci. Am. 265(3), 94–105 (1991)CrossRef
67.
Wijaya, R., Setijadi, A., Mengko, T.L., Mengko, R.K.L.: Heart rate data collecting using smart watch. In: Proceedings of the 2014 IEEE 4th International Conference on System Engineering and Technology, ICSET 2014, pp. 1–3 (2014)
68.
Xie, H., Gu, T., Tao, X., Lu, J.: A reliability-augmented particle filter for magnetic fingerprinting based indoor localization on Smartphone. IEEE Trans. Mob. Comput. 15(8), 1877–1892 (2016)CrossRef
69.
Xu, R., Saïdi, H., Anderson, R.: Aurasium: practical policy enforcement for Android applications. In: Proceedings of the 21st USENIX Security Symposium, pp. 539–552 (2012)
70.
Ye, H., Gu, T., Tao, X., Lu, J.: Scalable floor localization using barometer on Smartphone. Wirel. Commun. Mob. Comput. 16(16), 2557–2571 (2016)CrossRef
71.
Zhang, D., Wang, R., Lin, Z., Guo, D., Cao, X.: IacDroid: preventing inter-app communication capability leaks in Android. In: Proceedings of the 2016 IEEE Symposium on Computers and Communication, ISCC 2016, pp. 443–449 (2016)
Metadaten
Titel
Fine-Grained Privacy Control for Fitness and Health Applications Using the Privacy Management Platform
verfasst von
Christoph Stach
Copyright-Jahr
2019
Buch
Information Systems Security and Privacy

Print ISBN: 978-3-030-25108-6

Electronic ISBN: 978-3-030-25109-3

Copyright-Jahr: 2019

DOI
https://doi.org/10.1007/978-3-030-25109-3_1