There is an increasing prevalence of Web software that collects end-user information and transmits it to a remote server destination. This information-collecting software paradigm spans many scenarios, from fully legitimate software updates, to identifying user surfing habits (i.e. adware), to collecting personal user information (i.e. spyware). The design science research within this paper describes an information security management framework that extends existing code-signing conventions via an extended X.509.3 digital certificate specifying: (1) whether the signed software transmits any information from the end-user machine to any remote destination, and if so (2) a concise summary of the type of this information and the remote destination address(es). This extended code-signing is then supported by the end-user's operating system authenticating each outgoing Web transmission from each specific host-based software application. The framework facilitates improved end-user management and regulatory governance of all Web communication streams emanating from the user host computer.
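As an added illustration (not code from the paper), the following Python sketch models the host-side check the abstract describes: the transmission declaration carried in the certificate extension is parsed, and each outgoing connection from the signed application is authorised only if its destination is declared. The JSON encoding of the extension, its field names and the sample addresses are assumptions; the paper's actual on-the-wire format is not given here.

```python
"""Added illustration (not the paper's code): a host-side egress check that
models the two declarations carried in a code-signing certificate extension.
The extension encoding (JSON), field names and sample values are constructed
for this example; the paper does not specify its on-the-wire format."""
import ipaddress
import json

# Constructed stand-in for the certificate's 'transmission declaration'
# extension: (1) whether the signed application transmits at all and, if so,
# (2) what kinds of information go where. Destinations are IP networks or
# DNS names, each with an allowed port list.
DECLARATION_EXT = json.dumps({
    "transmits": True,
    "information": ["crash-report", "version-string"],
    "destinations": [
        {"host": "updates.example.test", "ports": [443]},
        {"host": "203.0.113.0/24", "ports": [443, 8443]},  # documentation range
    ],
})

def parse_declaration(ext_value: str) -> dict:
    """Decode the extension and validate the declared destination list."""
    decl = json.loads(ext_value)
    if not decl.get("transmits", False):
        return {"transmits": False, "information": [], "destinations": []}
    for d in decl["destinations"]:
        if not d["ports"]:
            raise ValueError(f"destination {d['host']!r} declares no ports")
    return decl

def _host_matches(declared: str, actual_host: str) -> bool:
    """Match an outgoing host against a declared DNS name or IP network."""
    try:
        net = ipaddress.ip_network(declared, strict=False)
        return ipaddress.ip_address(actual_host) in net
    except ValueError:  # declared is a DNS name, or actual is not an IP
        return declared.lower() == actual_host.lower()

def authorise_egress(decl: dict, dst_host: str, dst_port: int) -> tuple:
    """The OS-side check applied to each outgoing transmission of one signed
    application: allow only destinations the certificate declares."""
    if not decl["transmits"]:
        return False, "certificate declares no transmission; blocked"
    for d in decl["destinations"]:
        if _host_matches(d["host"], dst_host) and dst_port in d["ports"]:
            return True, f"declared destination ({', '.join(decl['information'])})"
    return False, f"undeclared destination {dst_host}:{dst_port}; blocked"
```

The second element of each result is the audit line a host agent would log, so declared and undeclared transmissions are both visible to the end user and to a reviewer.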
Clutterbuck, Peter; Rowlands, Terry; and Stubbs, Murray, "A Security Framework for Managing the Host-based Collection of End-User Information" (2010). ACIS 2010 Proceedings. 48.