The VACCINE Framework for Building DLP Systems

by   Yan Shvartzshnaider, et al.

Conventional Data Leakage Prevention (DLP) systems suffer from the following major drawback: Privacy policies that define what constitutes data leakage cannot be seamlessly defined and enforced across heterogeneous forms of communication. Administrators have the dual burden of: (1) manually self-interpreting policies from handbooks to specify rules (which is error-prone); (2) extracting relevant information flows from heterogeneous communication protocols and enforcing policies to determine which flows should be admissible. To address these issues, we present the Verifiable and ACtionable Contextual Integrity Norms Engine (VACCINE), a framework for building adaptable and modular DLP systems. VACCINE relies on (1) the theory of contextual integrity to provide an abstraction layer suitable for specifying reusable protocol-agnostic leakage prevention rules and (2) programming language techniques to check these rules against correctness properties and to enforce them faithfully within a DLP system implementation. We applied VACCINE to the Family Educational Rights and Privacy Act and Enron Corporation privacy regulations. We show that by using contextual integrity in conjunction with verification techniques, we can effectively create reusable privacy rules with specific correctness guarantees, and check the integrity of information flows against these rules. Our experiments in emulated enterprise settings indicate that VACCINE improves over current DLP system design approaches and can be deployed in enterprises involving tens of thousands of actors.



There are no comments yet.


page 1

page 2

page 3

page 4


Analyzing Privacy Policies Using Contextual Integrity Annotations

In this paper, we demonstrate the effectiveness of using the theory of c...

Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA

Increased concern about data privacy has prompted new and updated data p...

Privacy with Surgical Robotics: Challenges in Applying Contextual Privacy Theory

The use of connected surgical robotics to automate medical procedures pr...

Zero knowledge proofs for cloud storage integrity checking

With the wide application of cloud storage, cloud security has become a ...

Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity

The proliferation of Internet of Things (IoT) devices for consumer "smar...

Beyond The Text: Analysis of Privacy Statements through Syntactic and Semantic Role Labeling

This paper formulates a new task of extracting privacy parameters from a...

Hardening X.509 Certificate Issuance using Distributed Ledger Technology

The security of cryptographic communication protocols that use X.509 cer...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.