Towards automated privacy compliance checking of applications in Cloud and Fog environments

Internet application users are increasingly concerned about the way applications handle their personal data. However, manually checking whether applications actually respect the claims made in their privacy policy is both error-prone and time-consuming. This paper claims that the privacy compliance of applications hosted in cloud or fog computing platforms can and should be automatically carried by the platform itself. We discuss the feasibility of unintrusive and application-agnostic monitoring in the platform layer to check the privacy compliance of applications. First, the platform may monitor an application's privacy-oriented behavior through signals such as its network traffic characteristics. Second, these signals can be analyzed and compared with the principles found in the application's privacy policy. We present a procedure based on machinelearning techniques to identify the type of data being shared by applications with external third-parties even if the application uses encrypted communications. Our classifiers identify traffic samples of applications with 86% accuracy.