Abstract

There is an increasing prevalence of Web software that collects end-user information and transmits it to a remote server destination. This information-collecting software paradigm spans many scenarios – from fully legitimate software updates, to identifying user surfing habits (i.e. adware), to collecting personal user information (i.e. spyware). The design science research within this paper describes an information security management framework that extends existing code-signing conventions via an extended X.509.3 digital certificate specifying: (1) whether the signed software transmits any information from the end-user machine to any remote destination, and if so (2) a concise summary of the type of this information and the remote destination address(es). This extended code-signing is then supported by the end-user’s operating system, which authenticates each outgoing Web transmission from each specific host-based software application. The framework facilitates improved end-user management and regulatory governance of all Web communication streams emanating from the user host computer.
