CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Hails: Protecting Data Privacy in Untrusted Web Applications

Daniel B. Giffin ; Amit Levy ; Deian Stefan ; David Terei ; David Mazières ; John Mitchell ; Alejandro Russo (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
Symposium on Operating Systems Design and Implementation (2012)
[Konferensbidrag, refereegranskat]

Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today’s platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2012-09-24. Senast ändrad 2013-10-10.
CPL Pubid: 163797