{"id":"https://openalex.org/W4388857706","doi":"https://doi.org/10.1145/3576915.3616604","title":"General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications","display_name":"General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388857706","doi":"https://doi.org/10.1145/3576915.3616604"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3616604","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3616604","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3616604","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3616604","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016611640","display_name":"David Klein","orcid":"https://orcid.org/0000-0001-8468-8516"},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"David Klein","raw_affiliation_strings":["Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"],"raw_orcid":"https://orcid.org/0000-0001-8468-8516","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany","institution_ids":["https://openalex.org/I94509681"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093307678","display_name":"Benny Rolle","orcid":"https://orcid.org/0009-0002-8961-6962"},"institutions":[{"id":"https://openalex.org/I4210132444","display_name":"Systems, Applications & Products in Data Processing (Germany)","ror":"https://ror.org/03dsc8d33","country_code":"DE","type":"company","lineage":["https://openalex.org/I4210132444"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Benny Rolle","raw_affiliation_strings":["SAP SE, Walldorf, Germany"],"raw_orcid":"https://orcid.org/0009-0002-8961-6962","affiliations":[{"raw_affiliation_string":"SAP SE, Walldorf, Germany","institution_ids":["https://openalex.org/I4210132444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036574988","display_name":"Thomas Barber","orcid":"https://orcid.org/0000-0002-1538-5033"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Thomas Barber","raw_affiliation_strings":["SAP Security Research, Karlsruhe, Germany"],"raw_orcid":"https://orcid.org/0000-0002-1538-5033","affiliations":[{"raw_affiliation_string":"SAP Security Research, Karlsruhe, Germany","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055042613","display_name":"Manuel Karl","orcid":null},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Manuel Karl","raw_affiliation_strings":["Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"],"raw_orcid":"https://orcid.org/0000-0002-7948-0742","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany","institution_ids":["https://openalex.org/I94509681"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002067855","display_name":"Martin Johns","orcid":"https://orcid.org/0000-0003-2574-5060"},"institutions":[{"id":"https://openalex.org/I94509681","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66","country_code":"DE","type":"education","lineage":["https://openalex.org/I94509681"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Martin Johns","raw_affiliation_strings":["Technische Universit\u00e4t Braunschweig, Braunschweig, Germany"],"raw_orcid":"https://orcid.org/0000-0003-2574-5060","affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Braunschweig, Braunschweig, Germany","institution_ids":["https://openalex.org/I94509681"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5016611640"],"corresponding_institution_ids":["https://openalex.org/I94509681"],"apc_list":null,"apc_paid":null,"fwci":0.8439,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.79246998,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"3343","last_page":"3357"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7943648099899292},{"id":"https://openalex.org/keywords/general-data-protection-regulation","display_name":"General Data Protection Regulation","score":0.6494275331497192},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.5835732817649841},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5671520233154297},{"id":"https://openalex.org/keywords/data-protection-act-1998","display_name":"Data Protection Act 1998","score":0.5626384019851685},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.5300778150558472},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4150095283985138},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.35385414958000183},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23400962352752686},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1297394335269928}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7943648099899292},{"id":"https://openalex.org/C3090818","wikidata":"https://www.wikidata.org/wiki/Q1172506","display_name":"General Data Protection Regulation","level":3,"score":0.6494275331497192},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.5835732817649841},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5671520233154297},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.5626384019851685},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.5300778150558472},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4150095283985138},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.35385414958000183},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23400962352752686},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1297394335269928},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3576915.3616604","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3616604","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3616604","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3576915.3616604","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3576915.3616604","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3576915.3616604","source":null,"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth"}],"awards":[{"id":"https://openalex.org/G1131228077","display_name":null,"funder_award_id":"16KIS1168","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G1297741380","display_name":null,"funder_award_id":"EXC 2092 CASA - 390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G4329949864","display_name":null,"funder_award_id":"IVAN (16KIS1168)","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G6014534120","display_name":null,"funder_award_id":"101019206","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G7842005466","display_name":null,"funder_award_id":"Horizon 2020","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8043875917","display_name":null,"funder_award_id":"TESTABLE (101019206)","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"},{"id":"https://openalex.org/F4320322958","display_name":"Technische Universit\u00e4t Braunschweig","ror":"https://ror.org/010nsgg66"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388857706.pdf","grobid_xml":"https://content.openalex.org/works/W4388857706.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W1991074244","https://openalex.org/W2013400780","https://openalex.org/W2129592257","https://openalex.org/W2138788987","https://openalex.org/W2147478478","https://openalex.org/W2350778671","https://openalex.org/W2746632572","https://openalex.org/W2790761820","https://openalex.org/W2907724967","https://openalex.org/W2914733125","https://openalex.org/W2958793707","https://openalex.org/W2970983524","https://openalex.org/W2978817023","https://openalex.org/W2999830435","https://openalex.org/W3015767612","https://openalex.org/W3089408421","https://openalex.org/W3105350924","https://openalex.org/W3125140672","https://openalex.org/W3159924905","https://openalex.org/W4220680677","https://openalex.org/W4220698453","https://openalex.org/W4226187622","https://openalex.org/W4238033972","https://openalex.org/W4288086187","https://openalex.org/W4293783461"],"related_works":["https://openalex.org/W2917102635","https://openalex.org/W3023256691","https://openalex.org/W2789497412","https://openalex.org/W2883729192","https://openalex.org/W2910484607","https://openalex.org/W2794700933","https://openalex.org/W2901967497","https://openalex.org/W3171079982","https://openalex.org/W3048759155","https://openalex.org/W3000605968"],"abstract_inverted_index":{"Recent":[0],"advances":[1],"in":[2,86,165,169],"data":[3,56,83,164,175,188],"protection":[4,57,176,189],"regulations":[5,96],"brings":[6],"privacy":[7,22],"benefits":[8],"for":[9,18,135],"website":[10],"users,":[11],"but":[12],"also":[13],"comes":[14],"at":[15],"a":[16,74,98,129,150],"cost":[17],"operators.":[19],"Retrofitting":[20],"the":[21,28,60,87,181,203],"requirements":[23,58,105,123],"of":[24,62,67,70,89,113,183],"laws":[25],"such":[26],"as":[27,97],"General":[29],"Data":[30],"Protection":[31],"Regulation":[32],"(GDPR)":[33],"onto":[34],"legacy":[35],"software":[36,104],"requires":[37],"significant":[38],"auditing":[39],"and":[40,132],"development":[41],"effort.":[42],"In":[43],"this":[44,49,143],"work":[45],"we":[46,72,101,147,179],"demonstrate":[47,180],"that":[48],"effort":[50],"can":[51,79,124,160],"be":[52,125],"minimized":[53],"by":[54,127,186],"viewing":[55],"through":[59],"lens":[61],"information":[63,137,155],"flow":[64,138,156],"tracking.":[65],"Instead":[66],"manual":[68],"inspections":[69],"applications,":[71,197],"propose":[73],"lightweight":[75],"enforcement":[76,133],"engine":[77],"which":[78,159],"reliably":[80],"prevent":[81],"unlawful":[82],"processing":[84],"even":[85],"presence":[88],"bugs":[90],"or":[91],"misconfigured":[92],"software.":[93],"Taking":[94],"GDPR":[95],"starting":[99],"point,":[100],"define":[102],"twelve":[103],"which,":[106],"if":[107],"implemented":[108],"properly,":[109],"ensure":[110],"adequate":[111],"handling":[112],"personal":[114,163],"data.":[115],"We":[116],"go":[117],"on":[118],"to":[119,171,202],"show":[120],"how":[121],"these":[122],"fulfilled":[126],"proposing":[128],"metadata":[130],"structure":[131],"policies":[134],"dynamic":[136],"tracking":[139,157],"frameworks.":[140],"To":[141],"put":[142],"idea":[144],"into":[145],"practice,":[146],"present":[148],"Fontus,":[149],"Java":[151,167],"Virtual":[152],"Machine":[153],"(JVM)":[154],"framework,":[158],"transparently":[161],"label":[162],"existing":[166],"applications":[168,204],"order":[170],"aid":[172],"compliance":[173],"with":[174,198],"regulations.":[177],"Finally,":[178],"applicability":[182],"our":[184],"approach":[185],"enforcing":[187],"polices":[190],"across":[191],"7":[192],"large,":[193],"open":[194],"source":[195],"web":[196],"no":[199],"changes":[200],"required":[201],"themselves.":[205]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2025-10-10T00:00:00"}