@inproceedings{1d3c3552bd9e4c3088dcb8a1f6308017,
title = "HAILS: Protecting data privacy in untrusted web applications",
abstract = "Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.",
author = "Giffin, {Daniel B.} and Amit Levy and Deian Stefan and David Terei and David Mazi{\`e}res and Mitchell, {John C.} and Alejandro Russo",
year = "2012",
month = jan,
day = "1",
language = "English (US)",
series = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",
publisher = "USENIX Association",
pages = "47--60",
booktitle = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",
note = "10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 ; Conference date: 08-10-2012 Through 10-10-2012",
}