Original Publication Date: 2005-Mar-08
Included in the Prior Art Database: 2005-Mar-08
A method for running an automatic privacy audit to ensure that a Web based application does not expose private attributes to unauthorized users.
Disclosed is a mechanism to perform a privacy audit on a Web based application that holds information about people and has multiple user roles. Not all user roles are authorized to view all the attributes for privacy reasons. This tool audits that property to make sure the application keeps it.
Use the following algorithm:
1. Create (manually) at least one dummy entry in each database table. For example, for an HR application you might create the following user:
2. For every role, get the username and password for a user in that role and a list of attributes that should not be available to that role.
This stage is also manual. For example, for the role manager, the user/password pair might be joe_ceo/big_boss. The user joe_ceo is not allowed to access the SSN (999-99-9999) in the dummy user example.
3. For every role, run the program to audit privacy automatically. The program performs the following steps:
3.1. Log in as the user in that role.
3.2. Keep a list of pages visited; start it empty.
3.3. Keep a list of pages to visit; start it with the front page of the application.
3.4. Retrieve the first page in the list of pages to visit. That's the current page.
3.5. If the current page contains any of the forbidden attributes, then the audit failed. The user is able to access an attribute [s]he shouldn't be able to. Optionally, this algorithm...
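The crawl of steps 3.1 to 3.5, written as an added example rather than code from the disclosure: it runs against a constructed in-memory stand-in for the Web application (the page contents, the "employee" role and its jane_d/secret login are assumptions; joe_ceo/big_boss and the dummy SSN 999-99-9999 are taken from the text above).

```python
from collections import deque
from html.parser import HTMLParser

# Constructed stand-in for the Web application: role -> page path -> HTML served to that role.
# The employee view of /profile leaks the dummy SSN, which the audit must catch.
SITE = {
    "manager": {
        "/": '<a href="/profile">Profile</a>',
        "/profile": 'Name: Jane Dummy <a href="/">Home</a>',
    },
    "employee": {
        "/": '<a href="/profile">Profile</a>',
        "/profile": 'Name: Jane Dummy SSN: 999-99-9999 <a href="/">Home</a>',
    },
}

# Step 2 of the disclosure, filled in by hand: credentials per role and the attribute
# values of the dummy entry that the role must never see (constructed values).
ROLES = {
    "manager": {"login": ("joe_ceo", "big_boss"), "forbidden": {"SSN": "999-99-9999"}},
    "employee": {"login": ("jane_d", "secret"), "forbidden": {"SSN": "999-99-9999", "salary": "123456"}},
}

class LinkExtractor(HTMLParser):
    """Collects href targets so the crawler can follow every link on a page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def audit_role(role):
    """Steps 3.1-3.5: crawl every page reachable as this role; return leaked (page, attribute) pairs."""
    username, _password = ROLES[role]["login"]   # 3.1: a real tool POSTs these and keeps the cookie
    visited, findings = set(), []                # 3.2: pages already checked, plus leaks found
    to_visit = deque(["/"])                      # 3.3: start from the front page
    while to_visit:
        path = to_visit.popleft()                # 3.4: current page
        if path in visited:
            continue
        visited.add(path)
        body = SITE[role].get(path, "")          # stand-in for an authenticated HTTP GET
        for attr, value in ROLES[role]["forbidden"].items():
            if value in body:                    # 3.5: forbidden attribute exposed -> audit fails
                findings.append((path, attr))
        parser = LinkExtractor()
        parser.feed(body)
        to_visit.extend(link for link in parser.links if link not in visited)
    return findings
```

An empty result for a role means that role's crawl passed; any (page, attribute) pair names exactly where the leak was seen.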