HAILS: Protecting data privacy in untrusted web applications

Daniel B. Giffin; Amit Levy; Deian Stefan; David Terei; David Mazières; John C. Mitchell; Alejandro Russo

HAILS: Protecting data privacy in untrusted web applications

Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John C. Mitchell, Alejandro Russo

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

94 Scopus citations

Abstract

Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Original language	English (US)
Title of host publication	Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Publisher	USENIX Association
Pages	47-60
Number of pages	14
ISBN (Electronic)	9781931971966
State	Published - 2012
Event	10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 - Hollywood, United States Duration: Oct 8 2012 → Oct 10 2012

Publication series

Name	Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

Conference

Conference	10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Country/Territory	United States
City	Hollywood
Period	10/8/12 → 10/10/12

All Science Journal Classification (ASJC) codes

Information Systems
Computer Networks and Communications
Hardware and Architecture

Cite this

Giffin, D. B., Levy, A., Stefan, D., Terei, D., Mazières, D., Mitchell, J. C., & Russo, A. (2012). HAILS: Protecting data privacy in untrusted web applications. In Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 (pp. 47-60). (Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012). USENIX Association.

@inproceedings{44118300629d4cb2999d08782a084df2,

title = "HAILS: Protecting data privacy in untrusted web applications",

abstract = "Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.",

author = "Giffin, {Daniel B.} and Amit Levy and Deian Stefan and David Terei and David Mazi{\`e}res and Mitchell, {John C.} and Alejandro Russo",

note = "Funding Information: We thank Amy Shen, Eric Stratmann, Ashwin Siripurapu, and Enzo Haussecker for sharing their Hails development experience with us. We thank Diego Ongaro, Mike Piatek, Justine Sherry, Joe Zimmerman, our shepard Jon Howell and the anonymous reviewers for their helpful comments on earlier drafts of this paper. This work was funded by DARPA CRASH under contract #N66001-10-2-4088, by multiple gifts from Google, and by the Swedish research agency VR and STINT. Deian Stefan is supported by the DoD through the NDSEG Fellowship Program.; 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 ; Conference date: 08-10-2012 Through 10-10-2012",

year = "2012",

language = "English (US)",

series = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",

publisher = "USENIX Association",

pages = "47--60",

booktitle = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",

}

Giffin, DB, Levy, A, Stefan, D, Terei, D, Mazières, D, Mitchell, JC & Russo, A 2012, HAILS: Protecting data privacy in untrusted web applications. in Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012. Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, USENIX Association, pp. 47-60, 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, Hollywood, United States, 10/8/12.

HAILS: Protecting data privacy in untrusted web applications. / Giffin, Daniel B.; Levy, Amit; Stefan, Deian et al.
Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012. USENIX Association, 2012. p. 47-60 (Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - HAILS

T2 - 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

AU - Giffin, Daniel B.

AU - Levy, Amit

AU - Stefan, Deian

AU - Terei, David

AU - Mazières, David

AU - Mitchell, John C.

AU - Russo, Alejandro

N1 - Funding Information: We thank Amy Shen, Eric Stratmann, Ashwin Siripurapu, and Enzo Haussecker for sharing their Hails development experience with us. We thank Diego Ongaro, Mike Piatek, Justine Sherry, Joe Zimmerman, our shepard Jon Howell and the anonymous reviewers for their helpful comments on earlier drafts of this paper. This work was funded by DARPA CRASH under contract #N66001-10-2-4088, by multiple gifts from Google, and by the Swedish research agency VR and STINT. Deian Stefan is supported by the DoD through the NDSEG Fellowship Program.

PY - 2012

Y1 - 2012

N2 - Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

AB - Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

UR - http://www.scopus.com/inward/record.url?scp=85041431588&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85041431588&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85041431588

T3 - Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

SP - 47

EP - 60

BT - Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

PB - USENIX Association

Y2 - 8 October 2012 through 10 October 2012

ER -

Giffin DB, Levy A, Stefan D, Terei D, Mazières D, Mitchell JC et al. HAILS: Protecting data privacy in untrusted web applications. In Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012. USENIX Association. 2012. p. 47-60. (Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012).

HAILS: Protecting data privacy in untrusted web applications

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this