Technical Report No. 159 - Abstract

Heiko Mantel, Axel Schairer, Matthias Kabatnik, Michael Kreutzer, Alf Zugenmaier
Using Information Flow Control to Evaluate Access Protection of Location Information in Mobile Communication Networks
This report is not available in electronic form!

The increasing functionality provided by mobile devices entails that a considerable amount of sensitive data is stored on them. The possibility to reprogram these devices leads to new security threats like, e.g.~Trojan horses or computer viruses, which make the problem of how to guarantee security of this data more important and also more difficult. Protecting privacy of location information in mobile phones is the task on which we focus in this article. It is well known that access control and communication filters provide adequate mechanisms to ensure privacy technically. However, for formalizing security objectives in our setting, i.e.~protecting privacy of location information, we argue that information flow control is a more adequate approach. To this end, we use an example to illustrate how security properties which are motivated by standard access control techniques may fail to detect certain insecurities and demonstrate that this problem can be avoided when information flow control is applied.