Abstract

The solution for protecting data privacy proposed in this paper-called Active Bundles-protects sensitive data from their disclosure to unauthorized parties and from unauthorized dissemination (even if started by an authorized party). The Active Bundles solution protects private or sensitive data throughout their entire lifecycle, from creation through dissemination to partial or total destruction (such as evaporation or apoptosis defined in the paper). In addition, it protects identity of entities exchanging private data. The core of the solution are active bundles themselves, which are containers with a payload of sensitive data, metadata, and a virtual machine specific to the active bundle. Metadata control access to private data and dissemination of active bundles. The main virtual machine roles are: validating integrity of its active bundle; and enforcing access control policies and dissemination policies for data of the active bundle. The Active Bundles solution also includes the active bundle exchange protocol for transmitting the bundles between hosts. The protocol uses buddies to provide anonymity to senders and receivers. The performance of the Active Bundles solution for data dissemination is evaluated analytically and by a simulation. The results indicate that: (i) the percentage of sensitive data that reaches unauthorized hosts during dissemination can be high, (ii) the apoptosis mechanism protects sensitive data from dissemination to unauthorized hosts, (Hi) the Active Bundles solution provides a level of anonymity to hosts while it does not decrease significantly the throughput of buddies.