Prepose: Privacy, Security, and Reliability for Gesture-Based Programming

With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand motion sensors in phones (i.e., Samsung Galaxy S6), gesture-based interfaces have become practical. Unfortunately, today, to recognize such gestures, applications must have access to depth and video of the user, exposing se...

Full description

Saved in:
Bibliographic Details
Main Authors: Figueiredo, Lucas Silva, Livshits, Benjamin, Molnar, David, Veanes, Margus
Format: Conference Proceeding
Language:English
Subjects:
augmented reality
domain-specific language
kinect
Privacy
Programming languages
Reliability
Run time (computers)
Runtime
Safety
Security
Sensors
Skeleton
Stores
Tablet computers
Therapy
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 137
container_issue
container_start_page 122
container_title
container_volume
creator Figueiredo, Lucas Silva
Livshits, Benjamin
Molnar, David
Veanes, Margus
description With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand motion sensors in phones (i.e., Samsung Galaxy S6), gesture-based interfaces have become practical. Unfortunately, today, to recognize such gestures, applications must have access to depth and video of the user, exposing sensitive data about the user and her environment. Besides these privacy concerns, there are also security threats in sensor-based applications, such as multiple applications registering the same gesture, leading to a conflict (akin to Clickjacking on the web). We address these security and privacy threats with Prepose, a novel domain-specific language (DSL) for easily building gesture recognizers, combined with a system architecture that protects privacy, security, and reliability with untrusted applications. We run Prepose code in a trusted core, and only return specific gesture events to applications. Prepose is specifically designed to enable precise and sound static analysis using SMT solvers, allowing the system to check security and reliability properties before running a gesture recognizer. We demonstrate that Prepose is expressive by creating gestures in three representative domains: physical therapy, tai-chi, and ballet. We further show that runtime gesture matching in Prepose is fast, creating no noticeable lag, as measured on traces from Microsoft Kinect runs. To show that gesture checking at the time of submission to a gesture store is fast, we developed a total of four Z3-based static analyses to test for basic gesture safety and internal validity, to make sure the so-called protected gestures are not overridden, and to check inter-gesture conflicts. Our static analysis scales well in practice: safety checking is under 0.5 seconds per gesture, average validity checking time is only 188ms, lastly, for 97% of the cases, the conflict detection time is below 5 seconds, with only one query taking longer than 15 seconds.
doi_str_mv 10.1109/SP.2016.16
format conference_proceeding
fullrecord <record><control><sourceid>proquest_CHZPO</sourceid><recordid>TN_cdi_proquest_miscellaneous_1835565114</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7546499</ieee_id><sourcerecordid>1835565114</sourcerecordid><originalsourceid>FETCH-LOGICAL-i244t-84f33e40dc729a78737a64e651f05b0b870aa4cd7bf39e85007857179bd4d81f3</originalsourceid><addsrcrecordid>eNotjs1Lw0AUxFdBsK1evHrJ0YOp7-1HdtebFq2FgsXqOWySl7KSNHG3EfrfG6inGYbfDMPYDcIcEezDdjPngNkcszM2RQUWwHCJ52zChVYpctCXbBrjNwAHYeWErTaB-i7SY7IJ_teVx_tkS-UQ_GF0bl8lH9R4V_hmDJK6C8mS4mEIlD67SNVY6nbBta3f767YRe2aSNf_OmNfry-fi7d0_b5cLZ7WqedSHlIjayFIQlVqbp02WmiXScoU1qAKKIwG52RZ6aIWlowC0EZp1LaoZGWwFjN2d9rtQ_czjG_y1seSmsbtqRtijkYoNc6hHNHbE-qJKO-Db1045lrJTFor_gDKaFdb</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype><pqid>1835565114</pqid></control><display><type>conference_proceeding</type><title>Prepose: Privacy, Security, and Reliability for Gesture-Based Programming</title><source>IEEE Xplore All Conference Series</source><creator>Figueiredo, Lucas Silva ; Livshits, Benjamin ; Molnar, David ; Veanes, Margus</creator><creatorcontrib>Figueiredo, Lucas Silva ; Livshits, Benjamin ; Molnar, David ; Veanes, Margus</creatorcontrib><description>With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand motion sensors in phones (i.e., Samsung Galaxy S6), gesture-based interfaces have become practical. Unfortunately, today, to recognize such gestures, applications must have access to depth and video of the user, exposing sensitive data about the user and her environment. Besides these privacy concerns, there are also security threats in sensor-based applications, such as multiple applications registering the same gesture, leading to a conflict (akin to Clickjacking on the web). We address these security and privacy threats with Prepose, a novel domain-specific language (DSL) for easily building gesture recognizers, combined with a system architecture that protects privacy, security, and reliability with untrusted applications. We run Prepose code in a trusted core, and only return specific gesture events to applications. Prepose is specifically designed to enable precise and sound static analysis using SMT solvers, allowing the system to check security and reliability properties before running a gesture recognizer. We demonstrate that Prepose is expressive by creating gestures in three representative domains: physical therapy, tai-chi, and ballet. We further show that runtime gesture matching in Prepose is fast, creating no noticeable lag, as measured on traces from Microsoft Kinect runs. To show that gesture checking at the time of submission to a gesture store is fast, we developed a total of four Z3-based static analyses to test for basic gesture safety and internal validity, to make sure the so-called protected gestures are not overridden, and to check inter-gesture conflicts. Our static analysis scales well in practice: safety checking is under 0.5 seconds per gesture, average validity checking time is only 188ms, lastly, for 97% of the cases, the conflict detection time is below 5 seconds, with only one query taking longer than 15 seconds.</description><identifier>EISSN: 2375-1207</identifier><identifier>EISBN: 1509008241</identifier><identifier>EISBN: 9781509008247</identifier><identifier>DOI: 10.1109/SP.2016.16</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>augmented reality ; domain-specific language ; kinect ; Privacy ; Programming languages ; Reliability ; Run time (computers) ; Runtime ; Safety ; Security ; Sensors ; Skeleton ; Stores ; Tablet computers ; Therapy</subject><ispartof>2016 IEEE Symposium on Security and Privacy (SP), 2016, p.122-137</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7546499$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,314,780,784,789,790,23930,23931,25140,27924,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7546499$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Figueiredo, Lucas Silva</creatorcontrib><creatorcontrib>Livshits, Benjamin</creatorcontrib><creatorcontrib>Molnar, David</creatorcontrib><creatorcontrib>Veanes, Margus</creatorcontrib><title>Prepose: Privacy, Security, and Reliability for Gesture-Based Programming</title><title>2016 IEEE Symposium on Security and Privacy (SP)</title><addtitle>SP</addtitle><description>With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand motion sensors in phones (i.e., Samsung Galaxy S6), gesture-based interfaces have become practical. Unfortunately, today, to recognize such gestures, applications must have access to depth and video of the user, exposing sensitive data about the user and her environment. Besides these privacy concerns, there are also security threats in sensor-based applications, such as multiple applications registering the same gesture, leading to a conflict (akin to Clickjacking on the web). We address these security and privacy threats with Prepose, a novel domain-specific language (DSL) for easily building gesture recognizers, combined with a system architecture that protects privacy, security, and reliability with untrusted applications. We run Prepose code in a trusted core, and only return specific gesture events to applications. Prepose is specifically designed to enable precise and sound static analysis using SMT solvers, allowing the system to check security and reliability properties before running a gesture recognizer. We demonstrate that Prepose is expressive by creating gestures in three representative domains: physical therapy, tai-chi, and ballet. We further show that runtime gesture matching in Prepose is fast, creating no noticeable lag, as measured on traces from Microsoft Kinect runs. To show that gesture checking at the time of submission to a gesture store is fast, we developed a total of four Z3-based static analyses to test for basic gesture safety and internal validity, to make sure the so-called protected gestures are not overridden, and to check inter-gesture conflicts. Our static analysis scales well in practice: safety checking is under 0.5 seconds per gesture, average validity checking time is only 188ms, lastly, for 97% of the cases, the conflict detection time is below 5 seconds, with only one query taking longer than 15 seconds.</description><subject>augmented reality</subject><subject>domain-specific language</subject><subject>kinect</subject><subject>Privacy</subject><subject>Programming languages</subject><subject>Reliability</subject><subject>Run time (computers)</subject><subject>Runtime</subject><subject>Safety</subject><subject>Security</subject><subject>Sensors</subject><subject>Skeleton</subject><subject>Stores</subject><subject>Tablet computers</subject><subject>Therapy</subject><issn>2375-1207</issn><isbn>1509008241</isbn><isbn>9781509008247</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2016</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotjs1Lw0AUxFdBsK1evHrJ0YOp7-1HdtebFq2FgsXqOWySl7KSNHG3EfrfG6inGYbfDMPYDcIcEezDdjPngNkcszM2RQUWwHCJ52zChVYpctCXbBrjNwAHYeWErTaB-i7SY7IJ_teVx_tkS-UQ_GF0bl8lH9R4V_hmDJK6C8mS4mEIlD67SNVY6nbBta3f767YRe2aSNf_OmNfry-fi7d0_b5cLZ7WqedSHlIjayFIQlVqbp02WmiXScoU1qAKKIwG52RZ6aIWlowC0EZp1LaoZGWwFjN2d9rtQ_czjG_y1seSmsbtqRtijkYoNc6hHNHbE-qJKO-Db1045lrJTFor_gDKaFdb</recordid><startdate>20160501</startdate><enddate>20160501</enddate><creator>Figueiredo, Lucas Silva</creator><creator>Livshits, Benjamin</creator><creator>Molnar, David</creator><creator>Veanes, Margus</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20160501</creationdate><title>Prepose: Privacy, Security, and Reliability for Gesture-Based Programming</title><author>Figueiredo, Lucas Silva ; Livshits, Benjamin ; Molnar, David ; Veanes, Margus</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i244t-84f33e40dc729a78737a64e651f05b0b870aa4cd7bf39e85007857179bd4d81f3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2016</creationdate><topic>augmented reality</topic><topic>domain-specific language</topic><topic>kinect</topic><topic>Privacy</topic><topic>Programming languages</topic><topic>Reliability</topic><topic>Run time (computers)</topic><topic>Runtime</topic><topic>Safety</topic><topic>Security</topic><topic>Sensors</topic><topic>Skeleton</topic><topic>Stores</topic><topic>Tablet computers</topic><topic>Therapy</topic><toplevel>online_resources</toplevel><creatorcontrib>Figueiredo, Lucas Silva</creatorcontrib><creatorcontrib>Livshits, Benjamin</creatorcontrib><creatorcontrib>Molnar, David</creatorcontrib><creatorcontrib>Veanes, Margus</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Figueiredo, Lucas Silva</au><au>Livshits, Benjamin</au><au>Molnar, David</au><au>Veanes, Margus</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Prepose: Privacy, Security, and Reliability for Gesture-Based Programming</atitle><btitle>2016 IEEE Symposium on Security and Privacy (SP)</btitle><stitle>SP</stitle><date>2016-05-01</date><risdate>2016</risdate><spage>122</spage><epage>137</epage><pages>122-137</pages><eissn>2375-1207</eissn><eisbn>1509008241</eisbn><eisbn>9781509008247</eisbn><coden>IEEPAD</coden><abstract>With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand motion sensors in phones (i.e., Samsung Galaxy S6), gesture-based interfaces have become practical. Unfortunately, today, to recognize such gestures, applications must have access to depth and video of the user, exposing sensitive data about the user and her environment. Besides these privacy concerns, there are also security threats in sensor-based applications, such as multiple applications registering the same gesture, leading to a conflict (akin to Clickjacking on the web). We address these security and privacy threats with Prepose, a novel domain-specific language (DSL) for easily building gesture recognizers, combined with a system architecture that protects privacy, security, and reliability with untrusted applications. We run Prepose code in a trusted core, and only return specific gesture events to applications. Prepose is specifically designed to enable precise and sound static analysis using SMT solvers, allowing the system to check security and reliability properties before running a gesture recognizer. We demonstrate that Prepose is expressive by creating gestures in three representative domains: physical therapy, tai-chi, and ballet. We further show that runtime gesture matching in Prepose is fast, creating no noticeable lag, as measured on traces from Microsoft Kinect runs. To show that gesture checking at the time of submission to a gesture store is fast, we developed a total of four Z3-based static analyses to test for basic gesture safety and internal validity, to make sure the so-called protected gestures are not overridden, and to check inter-gesture conflicts. Our static analysis scales well in practice: safety checking is under 0.5 seconds per gesture, average validity checking time is only 188ms, lastly, for 97% of the cases, the conflict detection time is below 5 seconds, with only one query taking longer than 15 seconds.</abstract><pub>IEEE</pub><doi>10.1109/SP.2016.16</doi><tpages>16</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2375-1207
ispartof 2016 IEEE Symposium on Security and Privacy (SP), 2016, p.122-137
issn 2375-1207
language eng
recordid cdi_proquest_miscellaneous_1835565114
source IEEE Xplore All Conference Series
subjects augmented reality
domain-specific language
kinect
Privacy
Programming languages
Reliability
Run time (computers)
Runtime
Safety
Security
Sensors
Skeleton
Stores
Tablet computers
Therapy
title Prepose: Privacy, Security, and Reliability for Gesture-Based Programming
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T06%3A44%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Prepose:%20Privacy,%20Security,%20and%20Reliability%20for%20Gesture-Based%20Programming&rft.btitle=2016%20IEEE%20Symposium%20on%20Security%20and%20Privacy%20(SP)&rft.au=Figueiredo,%20Lucas%20Silva&rft.date=2016-05-01&rft.spage=122&rft.epage=137&rft.pages=122-137&rft.eissn=2375-1207&rft.coden=IEEPAD&rft_id=info:doi/10.1109/SP.2016.16&rft.eisbn=1509008241&rft.eisbn_list=9781509008247&rft_dat=%3Cproquest_CHZPO%3E1835565114%3C/proquest_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i244t-84f33e40dc729a78737a64e651f05b0b870aa4cd7bf39e85007857179bd4d81f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1835565114&rft_id=info:pmid/&rft_ieee_id=7546499&rfr_iscdi=true