@inproceedings{44118300629d4cb2999d08782a084df2,
title = "HAILS: Protecting data privacy in untrusted web applications",
abstract = "Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.",
author = "Giffin, {Daniel B.} and Amit Levy and Deian Stefan and David Terei and David Mazi{\`e}res and Mitchell, {John C.} and Alejandro Russo",
note = "Funding Information: We thank Amy Shen, Eric Stratmann, Ashwin Siripurapu, and Enzo Haussecker for sharing their Hails development experience with us. We thank Diego Ongaro, Mike Piatek, Justine Sherry, Joe Zimmerman, our shepard Jon Howell and the anonymous reviewers for their helpful comments on earlier drafts of this paper. This work was funded by DARPA CRASH under contract #N66001-10-2-4088, by multiple gifts from Google, and by the Swedish research agency VR and STINT. Deian Stefan is supported by the DoD through the NDSEG Fellowship Program.; 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 ; Conference date: 08-10-2012 Through 10-10-2012",
year = "2012",
language = "English (US)",
series = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",
publisher = "USENIX Association",
pages = "47--60",
booktitle = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",
}