Ph. D. Defense

Practical Fine-grained Access Control for Mobile Camera

Speaker:Animesh Srivastava
animeshs at
Date: Wednesday, October 25, 2017
Time: 11:30am - 1:30pm
Location: North 311, Duke


Cameras are pervasive and multiplying. A device’s camera allows users to capture and share important moments, and programmatic camera access provides apps with a rich interface for digitizing information about the physical world. At the same time, cameras create new privacy challenges for mobile operating systems. Apps can often access both essential (e.g., a QR code) and inessential (e.g., text) data within the same camera view. This co-mingling of essential and inessential data could leak information to apps that a user prefers to keep secret. Unfortunately, users have no insights into how the images captured by the apps are being used. Given the sensitivity of the data captured by the camera apps, it is important that the mobile operating system provides mechanisms to prevent apps from inadvertent visual leaks.

Existing mobile platforms provide only coarse-grained access controls for the camera (i.e., an app can access all of a camera's view or none of it), whereas, a finer-grained access control is needed to protect against visual leaks. Designing fine-grained access control for cameras in the mobile operating system is not a trivial task and opportunities need to be identified to handle different apps designed for different use cases.

In this dissertation, we first highlight the visual privacy risks to the users of camera apps and the bystanders. Then, we show that the recent proposed solutions are either inadequate for mitigating these risks or not suitable for real-time apps. The key insight of this dissertation is that if we can infer the least amount of visual information a camera app needs to function then we can design practical fine-grained access control for the camera app. To demonstrate the efficacy of our ideas, we design and implement two frameworks, CamForensics and PrivateEye.

CamForensics is designed to detect if an app performs image manipulation which is not expected by the user of the app. Specifically, CamForensics monitors if a known image processing is applied to the incoming camera data. CamForensics performs dynamic binary instrumentation to track the sequence of functions from an image processing library applied on a camera data. Later it matches the obtained function call sequences with prerecorded signatures of all the known image processing. This information can be reported to the user and she can make an informed decision about the usage of the app.

PrivateEye is a privacy-marker system that helps users mark visually non-sensitive two-dimensional regions in a camera's view and deliver only content within the marked regions to the apps. PrivateEye is designed as an efficient computer vision pipeline which is integrated with the trusted camera service to handle the camera data. We extend PrivateEye and design ePrivateEye where we offload the computation-intensive task to a local server and achieve high scalability and real-time performance.

This dissertation shows that it is possible to design efficient and scalable visual privacy mechanisms to provide better control over the information captured by the apps.

Advisor(s): Landon Cox
Committee: Alvin Lebeck, Bruce Maggs, Benjamin Lee