Title :
Privacy-aware: Tracking and protecting sensitive information using automatic type inference
Author_Institution :
Enterprise Data Manage., State Street Technol. (Zhejiang) Co., Ltd., Hangzhou, China
Abstract :
It is very hard to ensure that software is free of sensitive information leaks because current common software takes very few measures to control sensitive data propagation or limit data lifetime. We present Privacy-Aware, a sensitive data tracker and eraser based on type qualifier inference. We have adapted a simplified type qualifier inference to the LLVM framework, a low-level virtual machine infrastructure for a number of languages. With type qualifier inference, Privacy-Aware can automatically reason about where sensitive data has been propagated to and erase it before deallocation. We optimize Privacy-Aware with alias analysis and points-to analysis so that Privacy-Aware can be used as an effective annotation system for programmers to reduce data lifetime in software development with minimal annotation effort. We have implemented Privacy-Aware using LLVM-based instrumentation. The preliminary evaluation suggests that Privacy-Aware can effectively clear sensitive data while incurring only a small amount of overhead, on average below 10%, in our benchmark. Our research provides evidence that, while requiring minimal programmer intervention, Privacy-Aware is an effective, efficient and autonomous strategy for privacy protection.
Keywords :
data privacy; security of data; software engineering; virtual machines; LLVM framework; alias analysis; automatic type inference; effective annotation system; low-level virtual machine infrastructure; minimal programmer intervention; points-to analysis; privacy-aware; sensitive data eraser; sensitive data tracker; sensitive information protection; sensitive information tracking; software development; type qualifier inference; Instruments; Kernel; Optimization; Privacy; Resource management; Security; privacy protection; secure deallocation; taint analysis; type qualifier;
Conference_Title :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
DOI :
10.1109/ICITIS.2010.5689484