A Hypervisor-Based Privacy Agent for Mobile and IoT Systems

We present a design for a mobile and IoT data privacy agent that lives in software on end devices. Our privacy agent learns and enforces a user's privacy policy across all devices that he manages. Implemented as a hypervisor onboard the end device, our privacy agent sits between the device's hardware and its application software. It can inspect, modify, block, and inject I/O traffic between the device's main CPU and its peripherals. The key advantage of our architecture is that, unlike network middleboxes, the hypervisor can track all I/O transactions in unencrypted form. This makes our privacy agent potentially much more effective than those that only monitor network traffic because it can track and modify plaintext data. Our privacy agent also gives users the ability to impose a uniform privacy policy across all devices that they manage, which minimizes the burden and possibility of error that arise when setting privacy policy on individual devices. Since the notion of per-user (as opposed to per-app) privacy policy is relatively new, there has not been much opportunity for researchers to think about how to define and implement policy on that scale. We propose a method for learning a user's privacy policy one time and automatically implementing it in a context-aware fashion on multiple devices.