Hails: Protecting Data Privacy in Untrusted Web Applications
Paper i proceeding, 2012

Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today’s platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Författare

Daniel B. Giffin

Amit Levy

Deian Stefan

David Terei

David Mazières

John Mitchell

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Symposium on Operating Systems Design and Implementation

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Språkteknologi (språkvetenskaplig databehandling)

Data- och informationsvetenskap

Systemvetenskap