Applying Semantic Analysis for the Alignment of Natural Language Privacy Policies with Application Code

Date

2017

Authors

Slavin, Rocky

Abstract

Privacy is increasingly becoming a major concern as the convenience of technology grows. In an effort to disclose privacy-related practices and follow federal guidelines for software applications, many publishers provide natural language privacy policies disclosing what private information may be used, collected, or shared by the application. However, these policies are a completely separate body from the code and are written in natural language, which makes them susceptible to misalignments that are sometimes unintentional. Such misalignments not only affect end-user privacy, but can result in costly fines and audits for developers.

To mitigate this problem and improve developer and end-user confidence, I introduce a scalable framework for aligning natural language privacy policies with application code. The approach utilizes a phrase-to-API mapping which effectively bridges the semantic gap between code and policy. In turn, the mapping provides the basis for static and dynamic code analysis to detect privacy misalignments. Included in the approach are natural language processing techniques to determine relevant policy phrases and identify intent with regard to collection (i.e., contextual polarity). Practical efficacy is demonstrated through an instantiation of this framework on the Android OS environment and the successful detection of misalignments among top applications. Furthermore, I introduce the POLIDROID tool suite, which includes practical alignment tools for source and byte code. These tools provide developers, end users, and auditors with the means to apply this framework to real-world situations. Finally, I present an empirical evaluation of the framework and the tools built on it, which exhibits positive results with regard to precision, performance, and usability.

Description

This item is available only to currently enrolled UTSA students, faculty or staff.

Keywords

privacy, semantic analysis

Department

Computer Science