Title :
Information Flow Control for Static Enforcement of User-Defined Privacy Policies
Author :
Preibusch, Sören
Author_Institution :
Comput. Lab., Univ. of Cambridge, Cambridge, UK
Abstract :
Information flow control (IFC) allows software programmers and auditors to detect and prevent the sharing of information between different parts of a program which, as a matter of policy, should be kept logically separate. However, the lack of widespread use of IFC suggests technology and usability barriers to adoption. The programming language JIF provides IFC on top of Java. To assess pragmatic issues and systematic limitations of using JIF for commercial privacy-preserving Web applications, we deliver the first Web-based case-study with customer-negotiated restrictions on data recipients and usage. On a practical level, from our experience of programming in JIF, we assess its suitability for preventing accidental misuse of personal information and deduce recommendations for future implementations. On a theoretical level, we explore the compatibility between static analysis and privacy policies configured at runtime.
Keywords :
Java; Web services; data flow analysis; data privacy; peer-to-peer computing; personal information systems; IFC; Java; accidental misuse; commercial privacy-preserving Web applications; customer-negotiated restrictions; data recipients; information flow control; information sharing; personal information misuse; pragmatic issues; programming language JIF; software auditors; software programmers; static enforcement; user-defined privacy policies; Java; Libraries; Privacy; Programming; Runtime; Security; JIF; case-study; electronic commerce; information flow control; privacy negotiations; privacy policy enforcement; user-defined policies;
Conference_Title :
Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-9879-6
Electronic_ISBN :
978-0-7695-4330-7
DOI :
10.1109/POLICY.2011.23