当前位置:
X-MOL 学术
›
arXiv.cs.SE
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Vetting Security and Privacy of Global COVID-19 Contact Tracing Applications
arXiv - CS - Software Engineering Pub Date : 2020-06-19 , DOI: arxiv-2006.10933 Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepe, Damith Ranasinghe
arXiv - CS - Software Engineering Pub Date : 2020-06-19 , DOI: arxiv-2006.10933 Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepe, Damith Ranasinghe
The rapid spread of COVID-19 has made traditional manual contact tracing to
identify potential persons in close physical proximity to an known infected
person challenging. Hence, a number of public health authorities have
experimented with automated contact tracing apps. While the global deployment
of contact tracing apps aims to protect the health of citizens, these apps have
raised security and privacy concerns. In this paper, we assess the security and
privacy of 34 exemplar contact tracing apps using three methodologies: (i)
evaluate the design paradigms and the privacy protections provided; (ii) static
analysis to discover potential vulnerabilities and data flows to identify
potential leaks of private data; and (iii) evaluate the robustness of privacy
protection approaches. Based on the results, we propose a venue-access-based
contact tracing solution, VenueTrace, which preserves user privacy while
enabling proximity contact tracing. We hope that our systematic assessment
results and concrete recommendations can contribute to the development and
deployment of applications against COVID-19 and help governments and
application development industry build secure and privacy-preserving contract
tracing applications.
中文翻译:
审查全球 COVID-19 联系人追踪应用程序的安全性和隐私
COVID-19 的快速传播使得传统的手动接触者追踪来识别与已知感染者有密切身体接触的潜在人员具有挑战性。因此,许多公共卫生当局已经试验了自动接触者追踪应用程序。虽然接触者追踪应用程序的全球部署旨在保护公民的健康,但这些应用程序引发了安全和隐私问题。在本文中,我们使用三种方法评估了 34 个示例联系人跟踪应用程序的安全性和隐私:(i)评估设计范式和提供的隐私保护;(ii) 静态分析以发现潜在漏洞和数据流,以识别私人数据的潜在泄漏;(iii) 评估隐私保护方法的稳健性。根据结果,我们提出了一种基于场所访问的联系人跟踪解决方案 VenueTrace,它可以在启用近距离接触跟踪的同时保护用户隐私。我们希望我们系统的评估结果和具体的建议能够为针对 COVID-19 的应用程序的开发和部署做出贡献,并帮助政府和应用程序开发行业构建安全和隐私保护的合同追踪应用程序。
更新日期:2020-07-23
中文翻译:
审查全球 COVID-19 联系人追踪应用程序的安全性和隐私
COVID-19 的快速传播使得传统的手动接触者追踪来识别与已知感染者有密切身体接触的潜在人员具有挑战性。因此,许多公共卫生当局已经试验了自动接触者追踪应用程序。虽然接触者追踪应用程序的全球部署旨在保护公民的健康,但这些应用程序引发了安全和隐私问题。在本文中,我们使用三种方法评估了 34 个示例联系人跟踪应用程序的安全性和隐私:(i)评估设计范式和提供的隐私保护;(ii) 静态分析以发现潜在漏洞和数据流,以识别私人数据的潜在泄漏;(iii) 评估隐私保护方法的稳健性。根据结果,我们提出了一种基于场所访问的联系人跟踪解决方案 VenueTrace,它可以在启用近距离接触跟踪的同时保护用户隐私。我们希望我们系统的评估结果和具体的建议能够为针对 COVID-19 的应用程序的开发和部署做出贡献,并帮助政府和应用程序开发行业构建安全和隐私保护的合同追踪应用程序。