Hails: Protecting data privacy in untrusted web applications

Daniel Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John Mitchell, Alejandro Russo

Research output: Contribution to journal, Article, peer-reviewed

6 Scopus citations


Many modern web platforms are no longer written by a single entity, such as a company or individual, but consist of a trusted core that can be extended by untrusted third-party authors. Examples of this approach include Facebook, Yammer, and Salesforce. Unfortunately, users running third-party "apps" have little control over what the apps can do with their private data. Today's platforms offer only ad hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new framework, Hails, for building web platforms that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails by building several platforms, including GitStar, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Original language: English (US)
Pages (from-to): 427-461
Number of pages: 35
Journal: Journal of Computer Security
Issue number: 4-5
State: Published - 2017
Externally published: Yes

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • COWL
  • Haskell
  • LIO
  • MAC
  • MPVC
  • confinement
  • web security
  • functional programming
  • information flow control
