Periodic Reporting for period 1 - SPUCS (Software architectures for Secure, Private, User-Controlled Smart devices)
Periodo di rendicontazione: 2024-02-01 al 2026-01-31
This project developed new tools to give European citizens greater transparency and control over their smartphones and other smart devices.
European citizens rely on billions of smart electronic devices in their daily lives, from smartphones to smart watches, for communication, work, health, and access to public services. These devices are composed of hardware and software components supplied by a small number of foreign (non-EU) vendors who compete for control over the devices and their ecosystems. This concentration of control leads to a number of problems, including vendor lock-in, unauthorized access to user data, and even mass surveillance. As digital services become increasingly central to civic participation and economic activity in Europe, users have decreasing control over their devices and the software they use, creating security and privacy risks that affect virtually all EU citizens. This situation stands in tension with the EU's strategic objective of digital sovereignty and with the fundamental rights to privacy and data protection.
It is therefore imperative that we devise technical solutions that will allow end-users to gain greater transparency and control over their devices. Such solutions are a prerequisite for building trustworthy digital infrastructure in Europe and for ensuring that citizens can participate in the digital economy on their own terms.
The overall goal of the project is to contribute novel architectures, concepts and methods that are practical and easy to adopt, and that will enable users to have more control over their devices and to enjoy greater privacy protection.
European citizens rely on billions of smart electronic devices in their daily lives, from smartphones to smart watches, for communication, work, health, and access to public services. These devices are composed of hardware and software components supplied by a small number of foreign (non-EU) vendors who compete for control over the devices and their ecosystems. This concentration of control leads to a number of problems, including vendor lock-in, unauthorized access to user data, and even mass surveillance. As digital services become increasingly central to civic participation and economic activity in Europe, users have decreasing control over their devices and the software they use, creating security and privacy risks that affect virtually all EU citizens. This situation stands in tension with the EU's strategic objective of digital sovereignty and with the fundamental rights to privacy and data protection.
It is therefore imperative that we devise technical solutions that will allow end-users to gain greater transparency and control over their devices. Such solutions are a prerequisite for building trustworthy digital infrastructure in Europe and for ensuring that citizens can participate in the digital economy on their own terms.
The overall goal of the project is to contribute novel architectures, concepts and methods that are practical and easy to adopt, and that will enable users to have more control over their devices and to enjoy greater privacy protection.
To achieve the overall goal of the project, we performed research on two complementary axes:
(a) Behavior analysis of smart devices: We introduced a novel architecture and method for capturing and reconstructing high-level behaviors (e.g. track location, take photograph) of application and system components based on information tracked by the sperating system kernel of Android-based smart devices. As the method works at the kernel level, it is transparent to the application and non-kernel system components of modern mobile devices, while being easily deployable to a wide range of existing hardware. The method can be used to gain visibility into and control over operations on smart devices. We applied this method to analyze privacy characteristics of popular messaging applications.
(b) Addressing security and privacy risks from emerging technologies: First, to support the transition to privacy-preserving solutions for identity systems on mobile devices, we introduced a benchmarking framework to measure the performance and communication overhead of state-of-the-art privacy primitives on resource-constrained smart devices. Second, to ensure the protection of users amid the accelerating proliferation of AI in multiple stages of software development, we performed an empirical study to showcase the limitations of AI-based code review, its susceptibility to supply-chain attacks, and associated countermeasures.
Overall, the project produced three scientific publications with two more expected as dissemination activities continue beyond the end of the project.
(a) Behavior analysis of smart devices: We introduced a novel architecture and method for capturing and reconstructing high-level behaviors (e.g. track location, take photograph) of application and system components based on information tracked by the sperating system kernel of Android-based smart devices. As the method works at the kernel level, it is transparent to the application and non-kernel system components of modern mobile devices, while being easily deployable to a wide range of existing hardware. The method can be used to gain visibility into and control over operations on smart devices. We applied this method to analyze privacy characteristics of popular messaging applications.
(b) Addressing security and privacy risks from emerging technologies: First, to support the transition to privacy-preserving solutions for identity systems on mobile devices, we introduced a benchmarking framework to measure the performance and communication overhead of state-of-the-art privacy primitives on resource-constrained smart devices. Second, to ensure the protection of users amid the accelerating proliferation of AI in multiple stages of software development, we performed an empirical study to showcase the limitations of AI-based code review, its susceptibility to supply-chain attacks, and associated countermeasures.
Overall, the project produced three scientific publications with two more expected as dissemination activities continue beyond the end of the project.
Together, the work performed led to a number of research results which strengthen user control and improve the security and privacy of users and their self-determination. An overview of the key results follows:
1. We introduced the first kernel-only method for reconstructing application behaviors on Android-based smart devices. The method, called SliceDroid, is based on collecting kernel traces using modern features offered by the Linux kernel underlying the Android OS, and then employing event slicing to piece together relevant information. The method can be used to offer transparency to end-users on their personal devices. Preliminary results on employing even more advanced kernel features (eBPF) suggest further potential for the method.
2. Using SliceDroid, we performed a hybrid (static/dynamic) analysis of the behavior of popular instant messaging applications for the Android OS, focusing on their security and privacy characteristics. With this study, we showed the practical utility of our method. These results can inform regulators and consumer protection bodies assessing the privacy practices of widely-used communication platforms.
3. We designed and implemented a benchmarking framework to assess the adoption potential of privacy-preserving unlinkable credentials for the EU Digital Identity Wallet, especially for mobile devices. We found that even resource-constrained devices, such as smart watches can be used for identity verification, given an efficient implementation of the underlying zero-knowledge proof scheme. Our framework can be used to guide policy discussions and inform the technical specifications for the EU Digital Identity Wallet.
4.Together with collaborators from the University of Athens, we were the first to study the susceptibility of the emerging practice of AI-powered code-review to supply-chain attacks via exploiting the inherent confirmation bias in state-of-the-art LLM-powered AI systems. We found that these systems are susceptible to adversarial inputs in pull request metadata and proposed measures to mitigate this threat. Most importantly, these systems are not mature enough yet and human review of all code changes should be a mandatory requirement, especially for security-relevant software. Further research is needed to develop robust defenses against adversarial inputs in AI-assisted development tools, and we recommend that standardization bodies consider guidelines for the use of AI in security-critical software review processes.
1. We introduced the first kernel-only method for reconstructing application behaviors on Android-based smart devices. The method, called SliceDroid, is based on collecting kernel traces using modern features offered by the Linux kernel underlying the Android OS, and then employing event slicing to piece together relevant information. The method can be used to offer transparency to end-users on their personal devices. Preliminary results on employing even more advanced kernel features (eBPF) suggest further potential for the method.
2. Using SliceDroid, we performed a hybrid (static/dynamic) analysis of the behavior of popular instant messaging applications for the Android OS, focusing on their security and privacy characteristics. With this study, we showed the practical utility of our method. These results can inform regulators and consumer protection bodies assessing the privacy practices of widely-used communication platforms.
3. We designed and implemented a benchmarking framework to assess the adoption potential of privacy-preserving unlinkable credentials for the EU Digital Identity Wallet, especially for mobile devices. We found that even resource-constrained devices, such as smart watches can be used for identity verification, given an efficient implementation of the underlying zero-knowledge proof scheme. Our framework can be used to guide policy discussions and inform the technical specifications for the EU Digital Identity Wallet.
4.Together with collaborators from the University of Athens, we were the first to study the susceptibility of the emerging practice of AI-powered code-review to supply-chain attacks via exploiting the inherent confirmation bias in state-of-the-art LLM-powered AI systems. We found that these systems are susceptible to adversarial inputs in pull request metadata and proposed measures to mitigate this threat. Most importantly, these systems are not mature enough yet and human review of all code changes should be a mandatory requirement, especially for security-relevant software. Further research is needed to develop robust defenses against adversarial inputs in AI-assisted development tools, and we recommend that standardization bodies consider guidelines for the use of AI in security-critical software review processes.