Abstract
Many modern web-platforms are no longer written by a single entity, such as a company or individual, but consist of a trusted core that can be extended by untrusted third-party authors. Examples of this approach include Facebook, Yammer, and Salesforce. Unfortunately, users running third-party "apps" have little control over what the apps can do with their private data. Today's platforms offer only ad hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new framework, Hails, for building web platforms, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails by building several platforms, including GitStar, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.
Original language | English (US) |
---|---|
Pages (from-to) | 427-461 |
Number of pages | 35 |
Journal | Journal of Computer Security |
Volume | 25 |
Issue number | 4-5 |
DOIs | |
State | Published - 2017 |
Externally published | Yes |
All Science Journal Classification (ASJC) codes
- Software
- Safety, Risk, Reliability and Quality
- Hardware and Architecture
- Computer Networks and Communications
Keywords
- COWL
- Haskell
- LIO
- MAC
- MPVC
- confinement
- eb security
- functional programming
- information flow control