Customized program protection for a user customized data protection framework

Some of Internet services require users to provide their sensitive information such as their name, address, credit card number, and an ID-password pair. In these services, the manner in which the provided information is used is solely determined by the service providers. As a result, even when the manner in which information is used by a service provider appears vulnerable, users have no choice but to allow such usage. Therefore, we have proposed a user customized data protection framework that enables users to select the manner in which their sensitive information is protected. In our framework, a user selects a policy that defines the manner in which his/her information is to be protected and its manner defined by the policy is incorporated into a program. By allowing a service provider to the information provided by a user through the program, the user can protect his/her sensitive information in a manner selected by him/her. This framework works well when existing a manner (protection policy) which is tolerant to the alteration of the program, otherwise, a program alteration might be a concern. Therefore, in this paper, we attempts to protect a customized program by using program obfuscation and sanitizable signature techniques.