The Privacy Backplane Project
exploring a legal-technical framework for individualized privacy policies in IoT environments
About
Ubiquitous sensing in human spaces is rapidly becoming a fact of life. Large collections of IoT devices feed a vast sensing infrastructure that records and analyzes personal and private information. Maintaining privacy in the future without hamstringing the utility of IoT-derived data is a key practical and research challenge. In contrast to one-size-fits-all legal privacy frameworks like GDPR and CCPA, we envision a new legal-technical framework called the Privacy Backplane that enables individuals to specify and control the policies governing how information gathered about them is accessed, used, and stored. The legal framework mandates that IoT environments negotiate clear policies with individuals about how data collected by IoT devices about them can be used, and then enforces those policies. The technical framework implements such negotiation and enforcement, and certifies that the policies are followed. In effect, this can be viewed as the inverse of classic DRM: individuals are the content producers, and have knowledge of and control over the policies applied to their information.
Publications
Z. Lin, Z. Yu, Z. Guo, S. Campanoni, P. Dinda, X. Xing, CAMP: Compiler and Allocator-based Heap Memory Protection, Proceedings of the 33rd USENIX Security Symposium (USENIX Security 2024), August, 2024, to appear. [paper]
T. Filipiuk, N. Wanninger, N. Dhiantravan, C. Surmeier, A. Bernat, P. Dinda, CARAT KOP: Towards Protecting the Core HPC Kernel from Linux Kernel Modules, Proceedings of the 13th International Workshop on Runtime and Operating Systems for Supercomputers (ROSS 2023), November, 2023. [paper]
J. Lange, P. Dinda, R. Dick, F. Doku, E. Fabian, N. Gordon, P. Liu, M. Polinski, M. Suresh, C. Surmeier, N. Wanninger, A Case for a User-centered Distributed Privacy Backplane for the Internet of Things, Northwestern University Technical Report NU-CS-2023-09. [paper, poster]
Pratik Musale, Adam Lee, Trust TEE?: Exploring the Impact of Trusted Execution Environments on Smart Home Privacy Norms, Proceedings of the 23rd Privacy Enhancing Technologies Symposium, July, 2023. [paper]
P. Liu, H. Chen, Z. Mo, P. Dinda, Benchmarking the Overhead of Running Neural Networks in OP-TEE, Northwestern University Technical Report NU-CS-2023-05. [paper]
Team
Faculty
- Jack Lange (University of Pittsburgh)
- Peter Dinda (Northwestern University)
- Robert Dick (University of Michigan)
Graduate Students
- Nick Gordon (Ph.D. Student, University of Pittsburgh)
- Michael Polinski (Ph.D. Student, Northwestern University)
- Madhav Suresh (Ph.D. Student, Northwestern University)
- Nick Wanninger (Ph.D. Student, Northwestern University)
Undergraduates
- Friedrich Doku (University of Pittsburgh)
- Elena Fabian (Northwestern University)
- Peizhi Liu (Northwestern University)
- Carson Surmeier (Northwestern University)
- Kris Yun (Northwestern University)
Sponsors
- National Science Foundation via awards CNS-2211507, CNS-2211508, and CNS-2211509.