Sensitive and Personal Data: What Exactly Are You Talking About?

Kober, Maria; Samhi, Jordan; Arzt, Steven; Bissyande, Tegawendé François D Assise; Klein, Jacques

Reference : Sensitive and Personal Data: What Exactly Are You Talking About?


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/54761

Title :	Sensitive and Personal Data: What Exactly Are You Talking About?
Language :	English
Author, co-author :	Kober, Maria []
	Samhi, Jordan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
	Arzt, Steven []
	Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
	Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
Publication date :	May-2023
Main document title :	10th International Conference on Mobile Software Engineering and Systems 2023
Peer reviewed :	Yes
On invitation :	No
Audience :	International
Event name :	10th International Conference on Mobile Software Engineering and Systems 2023
Event date :	From 15/05/2023 to 16/05/2023
Event place (city) :	Melbourne
Event country :	Australia
Keywords :	[en] Sensitive data ; Android
Abstract :	[en] Mobile devices are pervasively used for a variety of tasks, including the processing of sensitive data in mobile apps. While in most cases access to this data is legitimate, malware often targets sensitive data and even benign apps collect more data than necessary for their task. Therefore, researchers have proposed several frameworks to detect and track the use of sensitive data in apps, so as to disclose and prevent unauthorized access and data leakage. Unfortunately, a review of the literature reveals a lack of consensus on what sensitive data is in the context of technical frameworks like Android. Authors either provide an intuitive definition or an ad-hoc definition, derive their definition from the Android permission model, or rely on previous research papers which do or do not give a definition of sensitive data. In this paper, we provide an overview of existing definitions of sensitive data in literature and legal frameworks. We further provide a sound definition of sensitive data derived from the definition of personal data of several legal frameworks. To help the scientific community further advance in this field, we publicly provide a list of sensitive sources from the Android framework, thus starting a community project leading to a complete list of sensitive API methods across different frameworks and programming languages.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > TruX - Trustworthy Software Engineering
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/54761
FnR project :	FnR ; FNR14596679 > Jordan Samhi > DIANA > Dissecting Android Applications Using Static Analysis > 01/03/2020 > 31/10/2023 > 2020

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	sensitive_data.pdf		Author preprint	158.07 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices