Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
The Unified Modeling Language user guide
The Unified Modeling Language user guide
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
k-anonymity: a model for protecting privacy
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
A Component-Based Architecture for Secure Data Publication
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
An analysis of P3P-enabled web sites among top-20 search results
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Aspect-oriented software development
Aspect-oriented software development
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
An aspect-oriented implementation of e-consent to foster trust
SAICSIT '06 Proceedings of the 2006 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
Conceptual modeling of privacy-aware web service protocols
CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
Privacy inspection and monitoring framework for automated business processes
WISE'07 Proceedings of the 8th international conference on Web information systems engineering
Hi-index | 0.00 |
Protection of personal data is essential for customer acceptance. Even though existing privacy policies can describe how data shall be handled, privacy enforcement remains a challenge. Especially for existing applications, it is unclear how one can effectively ensure correct data handling without completely redesigning the applications. In this paper we introduce Privacy Injector, which allows us to add privacy enforcement to existing applications. Conceptually Privacy Injector consists of two complementary parts, namely, a privacy metadata tracking and a privacy policy enforcement part. We show how Privacy Injector protects the complete life cycle of personal data by providing us with a practical implementation of the “sticky policy paradigm.” Throughout the collection, transformation, disclosure and deletion of personal data, Privacy Injector will automatically assign, preserve and update privacy metadata as well as enforce the privacy policy. As our approach is policy-agnostic, we can enforce any policy language that describes which actions may be performed on which data.