Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications
نویسندگان
چکیده
We introduce an enhanced information-flow analysis for tracking the amount of confidential data that is possibly released to third parties by a mobile application. The main novelty of our solution is that it can explicitly keep track of the footprint of data sources in the expressions formed and manipulated by the program, as well as of transformations over them, yielding a lazy approach with finer granularity, which may reduce false positives with respect to state-of-the-art information-flow analyses.
منابع مشابه
Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis
A static analysis is presented, based on the theory of abstract interpretation, for verifying privacy policy compliance by mobile applications. This includes instances where, for example, the application releases the user’s location or device ID without authorization. It properly extends previous work on datacentric semantics for verification of privacy policy compliance by mobile applications ...
متن کاملReconciling Privacy Policies and Regulations: Ontological Semantics Perspective
How well the privacy policy follows a regulation is one of the current concerns of the user. Such a task can be accomplished by directly querying the policy statement with the regulation text. Automation of the process requires an expressive meaning-based framework for Natural Language Processing (NLP). This paper discusses the Ontological Semantics approach to the issue of verifying compliance...
متن کاملPrivacy Enforcement and Accountability with Semantics (peas2007) Iswc 2007 Sponsor Workshop Motivation and Goal beyond Secrecy: New Privacy Protection Strategies for the World Wide Web Semantic-driven Enforcement of Rights Delegation Policies via the Combination of Rules and Ontologies
We show that the semantic formal model for Open Digital Right Language (ODRL)-based rights delegation policies can be enforced and expressed as a combination of ontologies and rules, e.g., Semantic Web Rule Language (SWRL). Based on ODRL’s expressions and data dictionary, a rights delegation ontology is proposed in this study. Furthermore, we express the rights delegation policy as a set of ont...
متن کاملSemantic-Driven Enforcement of Rights Delegation Policies via the Combination of Rules and Ontologies
We show that the semantic formal model for Open Digital Right Language (ODRL)-based rights delegation policies can be enforced and expressed as a combination of ontologies and rules, e.g., Semantic Web Rule Language (SWRL). Based on ODRL’s expressions and data dictionary, a rights delegation ontology is proposed in this study. Furthermore, we express the rights delegation policy as a set of ont...
متن کاملPrivacy Enforcement and Accountability with Semantics ( PEAS 2007 ) Workshop 11
We show that the semantic formal model for Open Digital Right Language (ODRL)-based rights delegation policies can be enforced and expressed as a combination of ontologies and rules, e.g., Semantic Web Rule Language (SWRL). Based on ODRL’s expressions and data dictionary, a rights delegation ontology is proposed in this study. Furthermore, we express the rights delegation policy as a set of ont...
متن کامل