Viola: Trustworthy Sensor Notifications for Enhanced Privacy on Mobile Systems

Abstract

Modern mobile systems such as smartphones, tablets, and wearables contain a plethora of sensors such as camera, microphone, GPS, and accelerometer. These sensors can capture extremely sensitive and private information about the user including daily conversations, photos, videos, and visited locations, raising important privacy concerns. To address these concerns, we present Viola , our design and implementation of trustworthy sensor notifications , which use indicators such as LED to inform the user unconditionally when the sensors are on. We deploy Viola’s runtime monitor in low-level system software, e.g., in the operating system kernel or in the hypervisor . Moreover, we use formal verification methods to prove the functional correctness of the compilation of our invariant checks from a high-level language. We demonstrate that Viola incurs almost no overhead to the sensor’s performance and incurs only small power consumption overhead. Compared to our previous paper on Viola [1] , we present three important enhancements. First, we design, implement, and evaluate two-way sensor notifications , which guarantee that a sensor notification can be triggered if and only if the corresponding sensor is used. Second, we identify and add protection against concurrency attacks in Viola. Third, we implement Viola for an additional sensor and indicator combination.