PrivFramework: A System for Configurable and Automated Privacy Policy Compliance
Usmann Khan, Lun Wang, Jithendaraa Subramanian, Joseph P. Near, Dawn, Song
TL;DR
PrivFramework is a configurable system that enables data owners to define and automatically enforce personalized privacy policies against analysis programs, enhancing data privacy control.
Contribution
It introduces a novel framework allowing user-defined privacy policies and automated compliance checking for analysis programs using static analysis techniques.
Findings
Successfully enforces user privacy policies against Python analysis programs
Automates privacy compliance verification to reduce manual oversight
Empowers data owners with customizable privacy controls
Abstract
Today's massive scale of data collection coupled with recent surges of consumer data leaks has led to increased attention towards data privacy and related risks. Conventional data privacy protection systems focus on reducing custodial risk and lack features empowering data owners. As an end user there are limited options available to specify and enforce one's own privacy preferences over their data. To address these concerns we present PrivFramework, a user-configurable frame-work for automated privacy policy compliance. PrivFramework allows data owners to write powerful privacy policies to protect their data and automatically enforces these policies against analysis programs written in Python. Using static-analysis PrivFramework automatically checks authorized analysis programs for compliance to user-defined policies.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Advanced Malware Detection Techniques · Information and Cyber Security