|
Abstract: . . . must decide if they trust that the alleged policy is being enforced before submitting personal information, or exit the site. In general, evidence shows that privacy enforcement in web applications suffers from great problems that are not being addressed today. This paper is tasked with providing security officers with a usable tool for enforcing privacy policies.

Organization: The next section describes related work. In Section 3 we describe the architecture for our solution, and we lay out the model that describes which privacy policies the solution enforces and how the security officer defines them. In Subsection 3.4 we analyze experiences with a . . .

Acknowledgments: The authors want to express their gratitude to D. Tiscornia for improving the system and implementing the benchmark model, and J.P. Martinez Kuhn for auditing the prototype implementation and analyzing security im- . . .
|