Final Report Abstract

The dramatic rise of the Internet to the single most important medium on a global scale has been accompanied by dramatic changes in how it is used. When the CRC 1223 started, we observed that, on the one hand, billions of users rely on the Internet for their daily information, communication, business, education, and entertainment. On the other hand, despite the wide circulation of online data, despite how easy it was to access it and yet how difficult it was to permanently erase it, the online privacy of end users was a largely unsolved problem. In a wide array of disciplines, ranging from image analysis to network security, the CRC 1223 established missing scientific foundations for the understanding of privacy and for the establishment of privacy-preserving measures. In terms of understanding privacy, we investigated the consequences of disseminating image data, location data, hashtags, micro-posts, and other highly unstructured information that is dominating the online communication in our time. Our results explore the impact of how these media is used and propose countermeasures that are deployable in the here and now. But we also explored the foundations of a new, privacy-aware Internet, where users and companies can assess and minimize the privacy risk involved in information storage and retrieval, for highly heterogeneous data and across different networks. We developed new technologies that can help users quantify their privacy, explain how their profile affects the stream of information they receive, and make informed choices concerning their privacy in a convenient, automated fashion. Other results target developers in avoiding privacy-critical bugs in their software by means of faster and more accurate software testing and information-flow analysis. In terms of controlling privacy, we investigated state of the art proposals for anonymity in the web of today and devised novel techniques to preserve user anonymity. New, groundbreaking proposals in cryptography and protocol security are providing the foundation for privacy-preserving cloud computations. Advances in program analysis and cryptography-aware information-flow security call form the basis for new analysis techniques that rethink what information-flow control means in the mobile setting. New, refined notions of privacy add necessary flexibility to established privacy notions and a new query language for the medical domain enables privacy-preserving sharing in databases that hold enormous amounts of sensitive information.

Publications

• “Person Recognition in Personal Photo Collections”. In: Proceedings of the 14th IEEE International Conference on Computer Vision, ICCV 2015. IEEE, 2015, pp. 3862–3870
  Seong Joon Oh et al.
  (See online at https://doi.org/10.1109/TPAMI.2018.2877588)
• “Computational Soundness for Dalvik Bytecode”. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS 2016. 2016, pp. 717–730
  Michael Backes, Robert Künnemann, and Esfandiar Mohammadi
  (See online at https://doi.org/10.1145/2976749.2978418)
• “R-Susceptibility: An IR-Centric Approach to Assessing Privacy Risks for Users in Online Communities”. In: Proceedings of the 39th International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR 2016, pp. 365–374
  Asia J. Biega et al.
  (See online at https://doi.org/10.1145/2911451.2911533)
• “Your Choice MATor(s): Large-scale Quantitative Anonymity Assessment of Tor Path Selection Algorithms Against Structural Attacks”. In: PoPETs 2016.2 (2016), pp. 40–60
  Michael Backes, Sebastian Meiser, and Marcin Slowik
  (See online at https://doi.org/10.1515/popets-2016-0004)
• “A Domain Based Approach to Social Relation Recognition”. In: Proceedings of the 30th IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017. IEEE Computer Society, 2017, pp. 435–444
  Qianru Sun, Bernt Schiele, and Mario Fritz
  (See online at https://doi.org/10.1109/CVPR.2017.54)
• “Adversarial Image Perturbation for Privacy Protection – A Game Theory Perspective”. In: Proceedings of the IEEE International Conference on Computer Vision, ICCV 2017. IEEE Computer Society, 2017, pp. 1491–1500
  Seong Joon Oh, Mario Fritz, and Bernt Schiele
  (See online at https://doi.org/10.1109/ICCV.2017.165)
• “Concurrency and Privacy with Payment-Channel Networks”. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS 2017. Association for Computing Machinery, 2017, pp. 455–471
  Giulio Malavolta et al.
  (See online at https://doi.org/10.1145/3133956.3134096)
• “Detecting Information Flow by Mutating Input Data”. In: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, ASE 2017. IEEE Press, 2017, pp. 263–273
  Björn Mathis et al.
  (See online at https://doi.org/10.1109/ASE.2017.8115639)
• “Predicting the Category and Attributes of Visual Search Targets Using Deep Gaze Pooling”. In: Proceedings of the 16th IEEE International Conference on Computer Vision Workshops, MBCC ICCV 2017. IEEE, 2017, pp. 2740–274
  Hosnieh Sattar, Andreas Bulling, and Mario Fritz
  (See online at https://doi.org/10.1109/ICCVW.2017.322)
• “Search-driven String Constraint Solving for Vulnerability Detection”. In: Proceedings of the 39th International Conference on Software Engineering, ICSE 2017. ACM, 2017, pp. 198–208
  Julian Thomé et al.
  (See online at https://doi.org/10.1109/ICSE.2017.26)
• “SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks”. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium, NDSS 2017. Internet Society, 2017
  Giulio Malavolta et al.
  (See online at https://doi.org/10.14722/ndss.2017.23448)
• “Speaking the Same Language: Matching Machine to Human Captions by Adversarial Training”. In: Proceedings of the IEEE International Conference on Computer Vision, ICCV 2017. IEEE Computer Society, 2017, pp. 4155–4164
  Rakshith Shetty et al.
  (See online at https://doi.org/10.1109/ICCV.2017.398)
• “STD2P: RGBD Semantic Segmentation Using Spatio-Temporal Data-Driven Pooling”. In: Proceedings of the 30th IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017. IEEE Computer Society, 2017, pp. 7158–7167
  Yang He et al.
  (See online at https://doi.org/10.1109/CVPR.2017.757)
• “Towards a Visual Privacy Advisor: Understanding and Predicting Privacy Risks in Images”. In: Proceedings of the IEEE International Conference on Computer Vision, ICCV 2017. IEEE Computer Society, 2017, pp. 3706–3715
  Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz
  (See online at https://doi.org/10.1109/ICCV.2017.398)
• “Walk2friends: Inferring Social Links from Mobility Profiles”. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS 2017. Association for Computing Machinery, 2017, pp. 1943–1957
  Michael Backes et al.
  (See online at https://doi.org/10.1145/3133956.3133972)
• “What Is Around The Camera?” In: Proceedings of the 30th IEEE International Conference on Computer Vision, ICCV 2017. IEEE, 2017, pp. 5180–5188
  Stamatios Georgoulis et al.
  (See online at https://doi.org/10.1109/ICCV.2017.553)
• “Accelerating Analytical Processing in MVCC using Fine-Granular High-Frequency Virtual Snapshotting”. In: Proceedings of the 2018 International Conference on Management of Data, SIGMOD Conference 2018, pp. 245–258
  Ankur Sharma, Felix Martin Schuhknecht, and Jens Dittrich
  (See online at https://doi.org/10.1145/3183713.3196904)
• “DroidMate-2: A Platform for Android Test Generation”. In: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018. Association for Computing Machinery, 2018, pp. 916–919
  Nataniel P. Borges Jr., Jenny Hotzkow, and Andreas Zeller
  (See online at https://doi.org/10.1145/3238147.3240479)
• “Leveraging the crowd to detect and reduce the spread of fake news and misinformation”. In: Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining, WSDM 2018, pp. 324–332
  Jooyeon Kim et al.
  (See online at https://doi.org/10.1145/3159652.3159734)
• “RVHyper: A Runtime Verification Tool for Temporal Hyperproperties”. In: Proceedings of the 24th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2018. Vol. 10806. Lecture Notes in Computer Science. Springer, 2018, pp. 194–200
  Bernd Finkbeiner et al.
  (See online at https://doi.org/10.1007/978-3-319-89963-3_11)
• “Tagvisor: A Privacy Advisor for Sharing Hashtags”. In: Proceedings of the 2018 World Wide Web Conference, WWW 2018. International World Wide Web Conferences Steering Committee, 2018, pp. 287–296
  Yang Zhang et al.
  (See online at https://doi.org/10.1145/3178876.3186095)
• “Types for Information Flow Control: Labeling Granularity and Semantic Models”. In: Proceedings of the 31st IEEE Computer Security Foundations Symposium, CSF 2018. IEEE Computer Society, 2018, pp. 233–246
  Vineet Rajani and Deepak Garg
  (See online at https://doi.org/10.1109/CSF.2018.00024)
• “UniTraX: Protecting Data Privacy with Discoverable Biases”. In: Proceedings of the 7th International Conference on Principles of Security and Trust, POST 2018
  Reinhard Munz et al.
  (See online at https://doi.org/10.1007/978-3-319-89722-6_12)
• “Algorithms for Monitoring Hyperproperties”. In: Proceedings of the 19th International Conference on Runtime Verification, RV 2019. Vol. 11757. Lecture Notes in Computer Science. Springer, 2019, pp. 70–90
  Christopher Hahn
  (See online at https://doi.org/10.1007/978-3-030-32079-9_5)
• “Applications for In-Situ Feedback on Social Network Notifications”. In: Proceedings of the IFIP TC 13 International Conference, INTERACT 2019. Springer, 2019, pp. 626–629
  Frederic Raber and Antonio Krüger
  (See online at https://doi.org/10.1007/978-3-030-29390-1_50)
• “Blurring the Lines between Blockchains and Database Systems: the Case of Hyperledger Fabric”. In: Proceedings of the 2019 International Conference on Management of Data, SIGMOD Conference 2019, pp. 105–122
  Ankur Sharma et al.
  (See online at https://doi.org/10.1145/3299869.3319883)
• “ConfLLVM: A Compiler for Enforcing Data Confidentiality in Low- Level Code”. In: Proceedings of the Fourteenth EuroSys Conference, EuroSys 2019. ACM, 2019, 4:1–4:15
  Ajay Brahmakshatriya et al.
  (See online at https://doi.org/10.1145/3302424.3303952)
• “Constraint-Based Monitoring of Hyperproperties”. In: Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2019. Vol. 11428. Lecture Notes in Computer Science. Springer, 2019, pp. 115–131
  Christopher Hahn, Marvin Stenger, and Leander Tentrup
  (See online at https://doi.org/10.1007/978-3-030-17465-1_7)
• “FAIRY: A Framework for Understanding Relationships Between Users’ Actions and their Social Feeds”. In: Proceedings of the Twelfth ACM International Conference on Web Search and Data Mining, WSDM 2019, pp. 240–248
  Azin Ghazimatin, Rishiraj Saha Roy, and Gerhard Weikum
  (See online at https://doi.org/10.1145/3289600.3290990)
• “FriendGroupVR: Design Concepts Using Virtual Reality to Organize Social Network Friends”. In: Proceedings of the IFIP TC 13 International Conference, INTERACT 2019. Springer, 2019, pp. 719–739
  Frederic Raber, Christopher Schommer, and Antonio Krüger
  (See online at https://doi.org/10.1007/978-3-030-29387-1_42)
• “From fine- to coarse-grained dynamic information flow control and back”. In: Proceedings of the annual Symposium on Principles of Programming Languages, POPL 2019
  Marco Vassena et al.
  (See online at https://doi.org/10.1145/3290389)
• “Homomorphic Time-Lock Puzzles and Applications”. In: Proceedings of the 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2019. Vol. 11692. Lecture Notes in Computer Science. Springer, 2019, pp. 620–649
  Giulio Malavolta and Sri Aravinda Krishnan Thyagarajan
  (See online at https://doi.org/10.1007/978-3-030-26948-7_22)
• “How to Wrap it up - A Formally Verified Proposal for the use of Authenticated Wrapping in PKCS#11”. In: Proceedings of the 32nd IEEE Computer Security Foundations Symposium, CSF 2019. 2019, pp. 62–77
  Alexander Dax et al.
  (See online at https://doi.org/10.1109/CSF.2019.00012)
• “Incremental Proofs of Sequential Work”. In: Proceedings of the 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2019. Springer, 2019, pp. 292–323
  Nico Döttling, Russell W. F. Lai, and Giulio Malavolta
  (See online at https://doi.org/10.1007/978-3-030-17656-3_11)
• “Knockoff Nets: Stealing Functionality of Black-Box Models”. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2019. IEEE Computer Society, 2019
  Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz
  (See online at https://doi.org/10.1109/CVPR.2019.00509)
• “OmniWedges: Improved Radar-Based Audience Selection for Social Networks”. In: Proceedings of the IFIP TC 13 International Conference, INTERACT 2019. Vol. 10516. Lecture Notes in Computer Science. Springer, 2019, pp. 654–658
  Frederic Raber and Antonio Krüger
  (See online at https://doi.org/10.1007/978-3-030-29390-1_56)
• “Privacy-Preserving Similar Patient Queries for Combined Biomedical Data”. In: PoPETs 2019.1 (2019), pp. 47–67
  Ahmed Salem et al.
  (See online at https://doi.org/10.2478/popets-2019-0004)
• “Trapdoor hash functions and their applications”. In: Proceedings of the 39th Annual International Cryptology Conference, CRYPTO 2019. Springer. 2019, pp. 3–32
  Nico Döttling et al.
  (See online at https://doi.org/10.1007/978-3-030-26954-8_1)
• “The high-level benefits of low-level sandboxing”. In: Proceedings of the 47th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2020
  Michael Sammler et al.
  (See online at https://doi.org/10.1145/3371100)