Privacy regulation compliance is becoming a burden for most companies due to the high cost and inefficiency of human auditing. We propose a regulation enforcement framework, PrivGuard, to reduce the cost and improve productivity by partly replacing human-auditing with a static analyzer. One open challenge is that the static analysis itself cannot defend against malicious insiders. We plan to integrate dynamic analysis to patch this vulnerability and deploy PrivGuard through collaboration with industry partners.
Findings, Papers, and Presentations
- PRIVGUARD: Privacy Regulation Compliance Made Easier (2022)
- Presented at the 31th Usenix Security Symposium