HAILS: Protecting data privacy in untrusted web applications

Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John C. Mitchell, Alejandro Russo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Original language: English (US)
Title of host publication: Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Publisher: USENIX Association
Pages: 47-60
Number of pages: 14
ISBN (Electronic): 9781931971966
State: Published - Jan 1 2012
Event: 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 - Hollywood, United States
Duration: Oct 8 2012 to Oct 10 2012

Publication series

Name: Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

Conference

Conference: 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Country/Territory: United States
City: Hollywood
Period: 10/8/12 to 10/10/12

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
