AUTHOR=Adams Carlisle , Dai Yu , DesOrmeaux Catherine , McAvoy Sean , Nguyen NamChi , Trindade Francisco 

TITLE=Strengthening Enforcement in a Comprehensive Architecture for Privacy Enforcement at Internet Websites

JOURNAL=Frontiers in Computer Science

VOLUME=2

YEAR=2020

URL=https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2020.00002

DOI=10.3389/fcomp.2020.00002

ISSN=2624-9898

ABSTRACT=<p>This paper extends previous work to strengthen the <italic>enforcement</italic> portion of a comprehensive architecture for enforcing privacy when a user needs to submit personal data to an Internet website in order to obtain goods or services. Our extension proposes to use a website's P3P privacy policy (derived in an automated way from its internal XACML access control policy) as a public key to encrypt the user's data using IBE (identity-based encryption) technology. The website will only acquire the corresponding private key to decrypt this data if a trusted 3rd-party auditor (acting as an IBE private key generator) has verified that the P3P policy is an accurate statement of the site's internal privacy practices. We discuss all the components of this model and describe our proof-of-concept implementation which demonstrates that such an architecture is feasible in real-world scenarios.</p>