ENCOPIA - ENabling COnnected PrIvacy Assurance
Core Concept and Innovation
Today’s IoT devices collect huge amounts of data and share them with cloud services. In turn, Big Data analytics are used to analyze this data to provide new services such as predictive maintenance, more efficient routing and targeted advertisement. As the world becomes pervasively sentient with sensors placed in all kinds of daily devices, opting out is no longer possible. Devices like autonomous cars, smart screens and smart glasses will record personal information of all passersby, resulting in a conflict between individual privacy rights and the interest of making the benefits of big data analytics available to society as a whole.
To ensure both goals are achievable, great care in the design and development of the complete IoT system from the device to the cloud service is necessary. This project aims at automating the verification of privacy goals of IoT services, from sensor devices all the way into the cloud services — during development and after deployment.
Scientific and Technological Goals
We propose to use binary analysis methods to make privacy goals testable in an automated fashion for the complete life cycle of sensitive information. Tools developed in this project will ensure that sensitive data can be tracked through programs and services by analyzing the software used and tracking data flows within them. Automated privacy analysis tools do not exist today. Yet binary analysis has made great strides in the last years. With a combination of binary-level function detection and information flow tracking, data can be traced through applications along its life cycle, tracking its usage and detecting potential privacy breaches when they occur. By combining state-of-the-art binary analysis with dynamic data flow tracking in the cloud through JIT compiler instrumentation, we achieve an end-to-end privacy tracking of sensitive data.
The wide availability and sharing of vast amounts of data is necessary to drive digital innovation and leverage the powerful tools of big data and machine learning for the future knowledge society. The proposed tools will enable developers, third-party providers and users to ensure that data is used as intended and that protective mechanisms such as pseudonymization, encryption or differential privacy are applied. The researched methods can also be applied in certification schemes, which are currently under development under the European Cybersecurity Act.