Mitigator: Privacy policy compliance using trusted hardware-Reference-Cited by-同舟云学术

Mitigator: Privacy policy compliance using trusted hardware

Published:2020-07-01 Issue:3 Volume:2020 Page:204-221
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Mazmudar Miti¹,Goldberg Ian¹

Affiliation:

1. University of Waterloo

Abstract

Abstract Through recent years, much research has been conducted into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding privacy policies has little utility if the website’s data processing code does not match the privacy policy. Although systems have been proposed to achieve compliance of internal software to access control policies, they assume a large trusted computing base and are not designed to provide a proof of compliance to an end user. We design Mitigator, a system to enforce compliance of a website’s source code with a privacy policy model that addresses these two drawbacks of previous work. We use trusted hardware platforms to provide a guarantee to an end user that their data is only handled by code that is compliant with the privacy policy. Such an end user only needs to trust a small module in the hardware of the remote back-end machine and related libraries but not the entire OS. We also provide a proof-of-concept implementation of Mitigator and evaluate it for its latency. We conclude that it incurs only a small overhead with respect to an unmodified system that does not provide a guarantee of privacy policy compliance to the end user.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2020-0049

Reference34 articles.

1. [1] Advanced Micro Devices. Secure Encrypted Virtualization API Version 0.17. Technical preview, Advanced Micro Devices, 2018. URL https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf.

2. [2] Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium, pages 585–602, Santa Clara, CA, August 2019. USENIX Association. URL https://www.usenix.org/conference/usenixsecurity19/presentation/andow.

3. [3] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), pages 689–703, Savannah, GA, 2016. USENIX Association. URL https://www.usenix.org/conference/osdi16/technical-sessions/presentation/arnautov.

4. [4] Pierre-Louis Aublin, Florian Kelbert, Dan O’Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves. Technical report, Imperial College London, 2017. URL https://www.doc.ic.ac.uk/research/technicalreports/2017/DTRS17-5.pdf.

5. [5] Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, and Fabian Yamaguchi. Efficient and Flexible Discovery of PHP Application Vulnerabilities. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pages 334–349, 2017. 10.1109/EuroSP.2017.14.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Intel Software Guard Extensions Applications: A Survey;ACM Computing Surveys;2023-07-17

2. Privacy Policies across the Ages: Content of Privacy Policies 1996–2021;ACM Transactions on Privacy and Security;2023-05-13

3. Vizard;Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security;2022-11-07

4. Privacy and Trust in eHealth: A Fuzzy Linguistic Solution for Calculating the Merit of Service;Journal of Personalized Medicine;2022-04-19

5. Privacy Preference Signals: Past, Present and Future;Proceedings on Privacy Enhancing Technologies;2021-07-23