Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications

Authors: Seyit Camtepe, Gareth Tyson, Damith Ranasinghe, Minhui Xue, Wei Wang

DOI:

Keywords:

Abstract: The rapid spread of COVID-19 has made traditional manual contact tracing to identify potential persons in close physical proximity to a known infected person challenging. Hence, a number of public health authorities have experimented with automated apps. While the global deployment of these apps aims to protect citizens, they have raised security and privacy concerns. In this paper, we assess 34 exemplar apps using three methodologies: (i) evaluating the design paradigms and the protections provided; (ii) static analysis to discover vulnerabilities and data flows that leak private data; (iii) evaluating the robustness of the protection approaches. Based on the results, we propose a venue-access-based solution, VenueTrace, which preserves user privacy while enabling tracing. We hope that our systematic assessment results and concrete recommendations can contribute to the development of applications against COVID-19 and help governments and the application industry build secure and privacy-preserving contact tracing applications.
