A Personal Information Leakage Prevention Method on the Internet
暂无分享,去创建一个
In this paper, we propose a method for preventing personal information leakage on the Internet. The leakage of the personal information might cause severe problems such as privacy violation, impersonation, spam mail, and financial fraud. The main ways of the personal information leakage are the leakage of the personal information registered in Web site, the Internet phishing, and the spyware. The basic idea of our method for preventing these types of personal information leakage is "do not send the personal information to a hazardous recipient". Every network packet transferred from a user's PC to a server via the Internet is inspected to check if the packet contains the user's personal information. When a packet containing personal information is detected, a decision about safety of the transfer is made. After decision is made, the packet sent to an unsafe destination is dismissed. The decision is made based on the predefined user control policy. The user policy specifies the safeness of a transfer in considering the information such as type of transferred personal information, the application that sends the packet and the trustworthiness of the recipient. The destination's trustworthiness is managed and provided by a trusted third party. In this paper, we present the explanation of information leakage problem and the description of related work. The presentation of our model for controlling personal information transfer and a description of the system architecture for implementing our model is included. And some security analysis of our method that shows the effectiveness of the proposed method is also presented
[1] Roh Jong-Hyuk,et al. Privacy Authorization for Internet Identity Management System , 2005 .
[2] Lorrie Faith Cranor,et al. The platform for privacy preferences , 1999, CACM.
[3] Marc Langheinrich,et al. The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .
[4] Michael Waidner,et al. Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.