Hails: Protecting data privacy in untrusted web applications
Journal article, 2017

Many modern web platforms are no longer written by a single entity, such as a company or individual, but consist of a trusted core that can be extended by untrusted third-party authors. Examples of this approach include Facebook, Yammer, and Salesforce. Unfortunately, users running third-party "apps" have little control over what the apps can do with their private data. Today's platforms offer only ad hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new framework, Hails, for building web platforms that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails by building several platforms, including GitStar, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Keywords: model, information, systems

Authors

Daniel Giffin

Stanford University

Amit Levy

Stanford University

Deian Stefan

University of California

David Terei

Stanford University

David Mazieres

Stanford University

John Mitchell

Stanford University

Alejandro Russo

Information Security

Journal of Computer Security, Vol. 25, pp. 427-461
ISSN 0926-227X

Subject Categories

Computer and Information Science

DOI

10.3233/JCS-15801