{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,28]],"date-time":"2024-07-28T17:53:15Z","timestamp":1722189195585},"reference-count":34,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T00:00:00Z","timestamp":1593561600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,1]]},"abstract":"Abstract\n Through recent years, much research has been conducted into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding privacy policies has little utility if the website\u2019s data processing code does not match the privacy policy. Although systems have been proposed to achieve compliance of internal software to access control policies, they assume a large trusted computing base and are not designed to provide a proof of compliance to an end user. We design Mitigator, a system to enforce compliance of a website\u2019s source code with a privacy policy model that addresses these two drawbacks of previous work. We use trusted hardware platforms to provide a guarantee to an end user that their data is only handled by code that is compliant with the privacy policy. Such an end user only needs to trust a small module in the hardware of the remote back-end machine and related libraries but not the entire OS. We also provide a proof-of-concept implementation of Mitigator and evaluate it for its latency. We conclude that it incurs only a small overhead with respect to an unmodified system that does not provide a guarantee of privacy policy compliance to the end user.","DOI":"10.2478\/popets-2020-0049","type":"journal-article","created":{"date-parts":[[2020,8,28]],"date-time":"2020-08-28T14:44:06Z","timestamp":1598625846000},"page":"204-221","source":"Crossref","is-referenced-by-count":4,"title":["Mitigator: Privacy policy compliance using trusted hardware"],"prefix":"10.56553","volume":"2020","author":[{"given":"Miti","family":"Mazmudar","sequence":"first","affiliation":[{"name":"University of Waterloo"}]},{"given":"Ian","family":"Goldberg","sequence":"additional","affiliation":[{"name":"University of Waterloo"}]}],"member":"35752","published-online":{"date-parts":[[2020,8,17]]},"reference":[{"key":"2022042323340976126_j_popets-2020-0049_ref_001_w2aab3b7c16b1b6b1ab1ab1Aa","unstructured":"[1] Advanced Micro Devices. Secure Encrypted Virtualization API Version 0.17. Technical preview, Advanced Micro Devices, 2018. URL https:\/\/www.amd.com\/system\/files\/TechDocs\/55766_SEV-KM_API_Specification.pdf."},{"key":"2022042323340976126_j_popets-2020-0049_ref_002_w2aab3b7c16b1b6b1ab1ab2Aa","unstructured":"[2] Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium, pages 585\u2013602, Santa Clara, CA, August 2019. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/andow."},{"key":"2022042323340976126_j_popets-2020-0049_ref_003_w2aab3b7c16b1b6b1ab1ab3Aa","unstructured":"[3] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O\u2019Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, R\u00fcdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 
SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), pages 689\u2013703, Savannah, GA, 2016. USENIX Association. URL https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/arnautov."},{"key":"2022042323340976126_j_popets-2020-0049_ref_004_w2aab3b7c16b1b6b1ab1ab4Aa","unstructured":"[4] Pierre-Louis Aublin, Florian Kelbert, Dan O\u2019Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves. Technical report, Imperial College London, 2017. URL https:\/\/www.doc.ic.ac.uk\/research\/technicalreports\/2017\/DTRS17-5.pdf."},{"key":"2022042323340976126_j_popets-2020-0049_ref_005_w2aab3b7c16b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] Michael Backes, Konrad Rieck, Malte Skoruppa, Ben Stock, and Fabian Yamaguchi. Efficient and Flexible Discovery of PHP Application Vulnerabilities. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pages 334\u2013349, 2017. 10.1109\/EuroSP.2017.14.10.1109\/EuroSP.2017.14","DOI":"10.1109\/EuroSP.2017.14"},{"key":"2022042323340976126_j_popets-2020-0049_ref_006_w2aab3b7c16b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] Eleanor Birrell, Anders Gjerdrum, Robbert van Renesse, H\u00e5vard Johansen, Dag Johansen, and Fred B. Schneider. SGX Enforcement of Use-Based Privacy. In Proceedings of the 2018 Workshop on Privacy in the Electronic Society, WPES\u201918, pages 155\u2013167, New York, NY, USA, 2018. ACM. 10.1145\/3267323.3268954. URL https:\/\/dl.acm.org\/citation.cfm?id=3268954.10.1145\/3267323.3268954","DOI":"10.1145\/3267323.3268954"},{"key":"2022042323340976126_j_popets-2020-0049_ref_007_w2aab3b7c16b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] Travis D. Breaux and Florian Schaub. 
Scaling requirements extraction to the crowd: Experiments with privacy policies. In 2014 IEEE 22nd International Requirements Engineering Conference (RE), pages 163\u2013172, 2014. 10.1109\/RE.2014.6912258.10.1109\/RE.2014.6912258","DOI":"10.1109\/RE.2014.6912258"},{"key":"2022042323340976126_j_popets-2020-0049_ref_008_w2aab3b7c16b1b6b1ab1ab8Aa","unstructured":"[8] Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In 26th USENIX Security Symposium (USENIX Security 17), pages 1041\u20131056, Vancouver, BC, 2017. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technicalsessions\/presentation\/van-bulck."},{"key":"2022042323340976126_j_popets-2020-0049_ref_009_w2aab3b7c16b1b6b1ab1ab9Aa","unstructured":"[9] Chia che Tsai, Donald E. Porter, and Mona Vij. Graphene- SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pages 645\u2013658, Santa Clara, CA, 2017. USENIX Association. URL https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/tsai."},{"key":"2022042323340976126_j_popets-2020-0049_ref_010_w2aab3b7c16b1b6b1ab1ac10Aa","unstructured":"[10] Victor Costan, Ilia Lebedev, and Srinivas Devadas. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In 25th USENIX Security Symposium (USENIX Security 16), pages 857\u2013874, Austin, TX, 2016. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/costan."},{"key":"2022042323340976126_j_popets-2020-0049_ref_011_w2aab3b7c16b1b6b1ab1ac11Aa","unstructured":"[11] Lorrie Cranor, Marc Langheinrich, Massimo Marchiori, Martin Presler-Marshall, and Joseph Reagle. The Platform for Privacy Preferences 1.0 (P3P 1.0) Specification. 
https:\/\/www.w3.org\/TR\/P3P\/, 2002."},{"key":"2022042323340976126_j_popets-2020-0049_ref_012_w2aab3b7c16b1b6b1ab1ac12Aa","unstructured":"[12] Lorrie Faith Cranor. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10:273\u2013308, 2012. http:\/\/jthtl.org\/content\/articles\/V10I2\/JTHTLv10i2_Cranor.PDF."},{"key":"2022042323340976126_j_popets-2020-0049_ref_013_w2aab3b7c16b1b6b1ab1ac13Aa","unstructured":"[13] Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg, and Peter Druschel. Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. In 25th USENIX Security Symposium (USENIX Security 16), pages 637\u2013654, Austin, TX, 2016. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/elnikety."},{"key":"2022042323340976126_j_popets-2020-0049_ref_014_w2aab3b7c16b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Michael Freyberger, Warren He, Devdatta Akhawe, Michelle L Mazurek, and Prateek Mittal. Cracking ShadowCrypt: Exploring the Limitations of Secure I\/O Systems in Internet Browsers. Proceedings on Privacy Enhancing Technologies, 2018(2):47\u201363, 2018. http:\/\/dx.doi.org\/10.1515\/popets-2018-0012.10.1515\/popets-2018-0012","DOI":"10.1515\/popets-2018-0012"},{"key":"2022042323340976126_j_popets-2020-0049_ref_015_w2aab3b7c16b1b6b1ab1ac15Aa","unstructured":"[15] Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazi\u00e8res, John C. Mitchell, and Alejandro Russo. Hails: Protecting Data Privacy in Untrusted Web Applications. In Presented as part of the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12), pages 47\u201360, Hollywood, CA, 2012. USENIX. 
URL https:\/\/www.usenix.org\/conference\/osdi12\/technicalsessions\/presentation\/giffin."},{"key":"2022042323340976126_j_popets-2020-0049_ref_016_w2aab3b7c16b1b6b1ab1ac16Aa","unstructured":"[16] Hamza Harkous, Kassem Fawaz, R\u00e9mi Lebret, Florian Schaub, Kang G. Shin, and Karl Aberer. Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. In 27th USENIX Security Symposium (USENIX Security 18), pages 531\u2013548, Baltimore, MD, 2018. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/harkous."},{"key":"2022042323340976126_j_popets-2020-0049_ref_017_w2aab3b7c16b1b6b1ab1ac17Aa","unstructured":"[17] Intel Corporation. Intel\u00ae Software Guard Extensions (Intel\u00ae SGX) Developer Guide. https:\/\/download.01.org\/intelsgx\/linux-2.5\/docs\/Intel_SGX_Developer_Guide.pdf, 2019."},{"key":"2022042323340976126_j_popets-2020-0049_ref_018_w2aab3b7c16b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. Pixy: a static analysis tool for detecting Web application vulnerabilities. In 2006 IEEE Symposium on Security and Privacy (S P\u201906), 2006. 10.1109\/SP.2006.29.10.1109\/SP.2006.29","DOI":"10.1109\/SP.2006.29"},{"key":"2022042323340976126_j_popets-2020-0049_ref_019_w2aab3b7c16b1b6b1ab1ac19Aa","unstructured":"[19] Jayanthkumar Kannan, Petros Maniatis, and Byung-Gon Chun. Secure Data Preservers For Web Services. In 2nd USENIX Conference on Web Application Development, WebApps\u2019 11, pages 3\u20133, Berkeley, CA, USA, 2011. USENIX Association. URL http:\/\/dl.acm.org\/citation.cfm?id=2002168.2002171."},{"key":"2022042323340976126_j_popets-2020-0049_ref_020_w2aab3b7c16b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] Klaudia Krawiecka, Arseny Kurnikov, Andrew Paverd, Mohammad Mannan, and N. Asokan. SafeKeeper: Protecting Web Passwords Using Trusted Execution Environments. 
In Proceedings of the 2018 World Wide Web Conference, WWW \u201918, pages 349\u2013358, Republic and Canton of Geneva, Switzerland, 2018. International World Wide Web Conferences Steering Committee. 10.1145\/3178876.3186101.10.1145\/3178876.3186101","DOI":"10.1145\/3178876.3186101"},{"key":"2022042323340976126_j_popets-2020-0049_ref_021_w2aab3b7c16b1b6b1ab1ac21Aa","unstructured":"[21] Dayeol Lee, David Kohlbrenner, Shweta Shinde, Kriste Asanovic, Dawn Song, Ilia Lebedev, Srini Devdas, Sagar Karandikar, and Albert Ou. Keystone - Open-source Secure Hardware Enclave. https:\/\/keystone-enclave.org\/, 2019."},{"key":"2022042323340976126_j_popets-2020-0049_ref_022_w2aab3b7c16b1b6b1ab1ac22Aa","unstructured":"[22] Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium (USENIX Security 17), pages 557\u2013574, Vancouver, BC, 2017. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/lee-sangho."},{"key":"2022042323340976126_j_popets-2020-0049_ref_023_w2aab3b7c16b1b6b1ab1ac23Aa","unstructured":"[23] Petros Maniatis, Devdatta Akhawe, Kevin R Fall, Elaine Shi, and Dawn Song. Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection. In 13th Workshop on Hot Topics in Operating Systems, volume 7, pages 193\u2013205. USENIX Association, 2011. URL https:\/\/www.usenix.org\/legacy\/event\/hotos\/tech\/final_files\/ManiatisAkhawe.pdf."},{"key":"2022042323340976126_j_popets-2020-0049_ref_024_w2aab3b7c16b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. ZeroTrace : Oblivious Memory Primitives from Intel SGX. In Proceedings of the 25th Annual Network and Distributed Systems Security Symposium, NDSS\u201918, 2018. 
URL http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_02B-4_Sasy_paper.pdf.10.14722\/ndss.2018.23239","DOI":"10.14722\/ndss.2018.23239"},{"key":"2022042323340976126_j_popets-2020-0049_ref_025_w2aab3b7c16b1b6b1ab1ac25Aa","unstructured":"[25] Shayak Sen, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Tsai, and Jeannette M. Wing. Bootstrapping Privacy Compliance in Big Data Systems. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP \u201914, pages 327\u2013342, Washington, DC, USA, 2014. IEEE Computer Society. 10.1109\/SP.2014.28."},{"key":"2022042323340976126_j_popets-2020-0049_ref_026_w2aab3b7c16b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. Panoply: Low-TCB Linux Applications With SGX Enclaves. In Proceedings of the 24th Annual Network and Distributed Systems Security Symposium, NDSS\u201917, 2017. http:\/\/dx.doi.org\/10.14722\/ndss.2017.23500. URL https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/panoply-low-tcb-linux-applications-sgx-enclaves\/.10.14722\/ndss.2017.23500","DOI":"10.14722\/ndss.2017.23500"},{"key":"2022042323340976126_j_popets-2020-0049_ref_027_w2aab3b7c16b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Rocky Slavin, Xiaoyin Wang, Mitra Bokaei Hosseini, James Hester, Ram Krishnan, Jaspreet Bhatia, Travis D Breaux, and Jianwei Niu. Toward a framework for detecting privacy policy violations in android application code. In Proceedings of the 38th International Conference on Software Engineering, pages 25\u201336. ACM, 2016. 10.1145\/2884781.2884855.10.1145\/2884781.2884855","DOI":"10.1145\/2884781.2884855"},{"key":"2022042323340976126_j_popets-2020-0049_ref_028_w2aab3b7c16b1b6b1ab1ac28Aa","unstructured":"[28] Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In Proceedings of the 27th USENIX Security Symposium, pages 991\u20131008. USENIX Association, 2018. URL https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck."},{"key":"2022042323340976126_j_popets-2020-0049_ref_029_w2aab3b7c16b1b6b1ab1ac29Aa","unstructured":"[29] Frank Wang, Ronny Ko, and James Mickens. Riverbed: Enforcing user-defined privacy constraints in distributed web services. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19), pages 615\u2013630, Boston, MA, 2019. USENIX Association. ISBN 978-1-931971-49-2. URL https:\/\/www.usenix.org\/conference\/nsdi19\/presentation\/wang-frank."},{"key":"2022042323340976126_j_popets-2020-0049_ref_030_w2aab3b7c16b1b6b1ab1ac30Aa","unstructured":"[30] Zack Whittaker. Equifax breach was \u2018entirely preventable\u2019 had it used basic security measures, says House report. https:\/\/techcrunch.com\/2018\/12\/10\/equifax-breachpreventable-house-oversight-report\/, 2019."},{"key":"2022042323340976126_j_popets-2020-0049_ref_031_w2aab3b7c16b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] Shomir Wilson, Florian Schaub, Aswarth Abhilash Dara, Frederick Liu, Sushain Cherivirala, Pedro Giovanni Leon, Mads Schaarup Andersen, Sebastian Zimmeck, Kanthashree Mysore Sathyendra, N. Cameron Russell, Thomas B. Norton, Eduard Hovy, Joel Reidenberg, and Norman Sadeh. The creation and analysis of a website privacy policy corpus. In Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, ACL 2016, Berlin, Germany, 2016. ACL. dx.doi.org\/10.18653\/v1\/P16-1126. URL https:\/\/www.aclweb.org\/anthology\/P16-1126.10.18653\/v1\/P16-1126","DOI":"10.18653\/v1\/P16-1126"},{"key":"2022042323340976126_j_popets-2020-0049_ref_032_w2aab3b7c16b1b6b1ab1ac32Aa","unstructured":"[32] Sebastian Zimmeck and Steven M. Bellovin. 
Privee: An Architecture for Automatically Analyzing Web Privacy Policies. In 23rd USENIX Security Symposium (USENIX Security 2014), pages 1\u201316, San Diego, CA, 2014. USENIX Association. URL https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/zimmeck."},{"key":"2022042323340976126_j_popets-2020-0049_ref_033_w2aab3b7c16b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shormir Wilson, Norman Sadeh, Steven M. Bellovin, and Joel Reidenberg. Automated Analysis of Privacy Requirements for Mobile Apps. In 24th Network & Distributed System Security Symposium (NDSS 2017), NDSS 2017, San Diego, CA, 2017. Internet Society. URL https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/automated-analysis-privacy-requirementsmobile-apps\/.10.14722\/ndss.2017.23034","DOI":"10.14722\/ndss.2017.23034"},{"key":"2022042323340976126_j_popets-2020-0049_ref_034_w2aab3b7c16b1b6b1ab1ac34Aa","doi-asserted-by":"crossref","unstructured":"[34] Sebastian Zimmeck, Peter Story, Rafael Goldstein, David Baraka, Shaoyan Li, Yuanyuan Feng, and Norman Sadeh. Compliance Traceability: Privacy Policies as Software Development Artifacts. Open Day for Privacy, Usability, and Transparency, July 2019. 
https:\/\/sebastianzimmeck.de\/zimmeckEtAlTraceability2019Abstract.pdf.10.2478\/popets-2019-0037","DOI":"10.2478\/popets-2019-0037"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2020\/3\/article-p204.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2020-0049","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:02Z","timestamp":1658334662000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2020\/popets-2020-0049.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,1]]},"references-count":34,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,8,17]]},"published-print":{"date-parts":[[2020,7,1]]}},"alternative-id":["10.2478\/popets-2020-0049"],"URL":"https:\/\/doi.org\/10.2478\/popets-2020-0049","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,1]]}}}