Computer scientists at the Cheriton School of Computer Science have developed a new system that helps Internet users ensure their online data is secure. Called Mitigator, the software-based system includes a plugin that users can install in their browser, which will give them a secure signal when they visit a website verified to process its data in compliance with the site’s privacy policy.
“Privacy policies are really hard to read and understand, and now with COVID-19 so many people are doing so much more online that privacy policies are more important than ever,” said Miti Mazmudar, a PhD candidate in the Cryptography, Security, and Privacy (CrySP) research group.
Although research has been conducted into alternative representations of privacy policies, the systems that have been developed do not determine whether website providers adhere to the data handling practices outlined in their privacy policies.
“What we try to do is have a compliance system that takes a simplified model of the privacy policy and checks the code on the website’s end to see if it does what the privacy policy claims to do,” Miti Mazmudar continued. “If a website requires you to enter your email address, Mitigator will notify you if the privacy policy stated that this wouldn’t be needed or if the privacy policy did not mention the requirement at all.”
Mitigator can work on any computer, but the companies that own the website servers must have machines with a trusted execution environment — a secure area of modern server-class processors that guarantees the protection of code and data loaded in it with respect to confidentiality and integrity. The Mitigator implementation is prototyped using the Intel Software Guard Extensions (SGX) trusted hardware platform.
Mitigator’s main contribution is in designing an architecture that uses an underlying trusted hardware platform to run a program — called the decryptor — that hands users’ data only to a target program that has been determined to be compliant with a privacy policy model. As both of these programs are run on a trusted hardware platform, users can verify that the decryptor is indeed the correct, unmodified program.
“The big difference between Mitigator and prior systems that had similar goals is that Mitigator’s primary focus is on the signal it gives to the user,” said Ian Goldberg, a Professor at the Cheriton School of Computer Science and the Canada Research Chair in Privacy Enhancing Technologies.
“The important thing is not just that the company knows their software is running correctly; we want the user to get this assurance that the company’s software is running correctly and is processing their data properly and not just leaving it lying around on disk to be stolen. Users of Mitigator will know whether their data is being properly protected, managed, and processed while the companies will benefit in that their customers are happier and more confident that nothing untoward is being done with their data.”
Block
diagram
of
the
Mitigator
system.
Mitigator
has
three
stages.
The
first
stage
runs
as
a
website’s
source
code
is
being
developed.
During
this
stage
the
verifier
enclave
checks
the
source
code
and
privacy
policy
for
compliance.
If
the
code
complies
with
the
privacy
policy,
it
outputs
a
signed
target
enclave.
If
the
code
does
not
comply
with
the
privacy
policy,
developers
are
expected
to
modify
their
source
code
and
privacy
policy
and
rerun
the
system
until
it
passes
as
compliant.
The
second
stage
occurs
once
the
target
enclave
is
ready
to
be
deployed.
Here,
the
decryptor
enclave
conducts
local
attestation
with
both
enclaves.
The
third
stage
refers
to
runtime
interactions
between
the
website
user,
target,
and
decryptor
enclaves.
In
this
stage,
the
website
user
passes
encrypted
form
field
data
to
the
target
enclave,
which
in
turn
securely
hands
it
over
to
the
decryptor
enclave.
A paper detailing this study, titled “Mitigator: Privacy policy compliance using trusted hardware,” was written by Miti Mazmudar and Ian Goldberg. Their paper was accepted for presentation at PETS 2020, the 20th Privacy Enhancing Technologies Symposium, which will be held virtually from July 14 to 18, 2020. The paper will be published in the open-access journal Proceedings on Privacy Enhancing Technologies (PoPETs).