
A language for automatically enforcing privacy policies

Published: 25 January 2012

Abstract

It is becoming increasingly important for applications to protect sensitive data. With current techniques, the programmer bears the burden of ensuring that the application's behavior adheres to policies about where sensitive values may flow. Unfortunately, privacy policies are difficult to manage because their global nature requires coordinated reasoning and enforcement. To address this problem, we describe a programming model that makes the system responsible for ensuring adherence to privacy policies. The programming model has two components: 1) core programs describing functionality independent of privacy concerns and 2) declarative, decentralized policies controlling how sensitive values are disclosed. Each sensitive value encapsulates multiple views; policies describe which views are allowed based on the output context. The system is responsible for automatically ensuring that outputs are consistent with the policies. We have implemented this programming model in a new functional constraint language named Jeeves. In Jeeves, sensitive values are introduced as symbolic variables and policies correspond to constraints that are resolved at output channels. We have implemented Jeeves as a Scala library using an SMT solver as a model finder. In this paper we describe the dynamic and static semantics of Jeeves and the properties about policy enforcement that the semantics guarantees. We also describe our experience implementing a conference management system and a social network.
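The abstract describes the programming model in words; the following toy model, written for this page and not taken from the Jeeves library, shows the moving parts in working code. Names such as `Sensitive`, `PolicyStore`, `restrict` and `resolve` are invented for the illustration, the conference scenario (paper, author, reviewer, chair, review stage) is constructed, and a brute-force search over label assignments stands in for the SMT-based model finder the paper uses. The point it demonstrates is the separation the abstract claims: the core program computes on a sensitive value without referring to any policy, the policy is stated once as a constraint on a symbolic label, and the label is only given a value at the output channel, where the most permissive assignment consistent with every policy is chosen.

```python
"""Toy model of the programming model described in the abstract.  Added
illustration, not the Jeeves library: all names are made up and a brute-force
search replaces the SMT solver used as a model finder."""
from itertools import product

HIGH, LOW = True, False   # a label is HIGH (show sensitive view) or LOW (public view)


class Label:
    """A symbolic boolean variable whose value is decided at the output channel."""
    _count = 0

    def __init__(self):
        Label._count += 1
        self.name = f"l{Label._count}"

    def __repr__(self):
        return self.name


class Sensitive:
    """A value encapsulating two views; the label selects which one is output."""

    def __init__(self, label, high, low):
        self.label, self.high, self.low = label, high, low

    def map(self, f):
        # Core code computes on sensitive values without knowing any policy:
        # f is applied to both views and the symbolic label is carried along.
        return Sensitive(self.label, f(self.high), f(self.low))


def concretize(v, model):
    """Replace every Sensitive inside v by the view chosen by the label assignment."""
    if isinstance(v, Sensitive):
        return concretize(v.high if model[v.label] else v.low, model)
    if isinstance(v, dict):
        return {k: concretize(x, model) for k, x in v.items()}
    if isinstance(v, (list, tuple)):
        return type(v)(concretize(x, model) for x in v)
    return v


def labels_in(*values):
    """Collect the labels occurring anywhere in the given values."""
    found = []

    def walk(v):
        if isinstance(v, Sensitive):
            if v.label not in found:
                found.append(v.label)
            walk(v.high)
            walk(v.low)
        elif isinstance(v, dict):
            for x in v.values():
                walk(x)
        elif isinstance(v, (list, tuple)):
            for x in v:
                walk(x)

    for v in values:
        walk(v)
    return found


class PolicyStore:
    """Declarative policies: each one says when a label must be LOW."""

    def __init__(self):
        self.policies = []

    def mk_sensitive(self, high, low):
        return Sensitive(Label(), high, low)

    def restrict(self, label, must_be_low):
        """must_be_low(ctx) -> bool: if it holds in the output context, label is LOW."""
        self.policies.append((label, must_be_low))

    def resolve(self, value, ctx):
        """Output channel: choose the most permissive label assignment that
        satisfies every policy and return the resulting concrete view."""
        labels = labels_in(value, ctx)
        for label, _ in self.policies:
            if label not in labels:
                labels.append(label)
        best = None
        for bits in product((HIGH, LOW), repeat=len(labels)):
            model = dict(zip(labels, bits))
            # Predicates see the *concretized* context, so a policy may depend on
            # other sensitive values; that is why a search (or a solver) is needed.
            cctx = concretize(ctx, model)
            if all(model[l] == LOW or not pred(cctx) for l, pred in self.policies):
                if best is None or sum(bits) > sum(best[0]):
                    best = (bits, model)
        if best is None:
            raise ValueError("policies are unsatisfiable for this context")
        return concretize(value, best[1])


def conference_demo(stage="review"):
    """Constructed scenario: the paper header as shown to three viewers."""
    store = PolicyStore()
    author_name = "alice"
    paper = {"title": "Jeeves", "author": store.mk_sensitive(author_name, "anonymous")}
    # Policy, stated once: during review only the author and the chair see the name.
    store.restrict(paper["author"].label, lambda ctx: ctx["stage"] == "review"
                   and ctx["viewer"]["name"] != author_name
                   and ctx["viewer"]["role"] != "chair")
    # Core program: formats the header with no reference to the policy.
    header = paper["author"].map(lambda a: f"{paper['title']} by {a}")
    viewers = [{"name": "alice", "role": "author"},
               {"name": "bob", "role": "reviewer"},
               {"name": "carol", "role": "chair"}]
    return {v["name"]: store.resolve(header, {"viewer": v, "stage": stage})
            for v in viewers}
```

Calling `conference_demo()` yields the author's name for alice and carol and "anonymous" for bob; `conference_demo("public")` shows the name to everyone, without any change to the code that built the header. The search prefers assignments with more HIGH labels, which is the permissive choice the model finder has to make; it also evaluates each predicate on the context after substituting the candidate assignment, so a policy that mentions another sensitive value (a viewer's own sensitive location, say) is handled consistently rather than by a single pass over the labels.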


Supplemental Material

popl_2a_1.mp4


Published in

ACM SIGPLAN Notices, Volume 47, Issue 1 (POPL '12), January 2012, 569 pages
ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2103621

POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, January 2012, 602 pages
ISBN: 9781450310833, DOI: 10.1145/2103656

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


      Qualifiers

      • research-article
