Enforcing User Privacy in Web Applications using Erlang
نویسندگان
چکیده
Social networking applications on the web handle the personal data of a large number of concurrently active users. These applications must comply with complex privacy requirements, while achieving scalability and high performance. Applying constraints to the flow of data through such applications to enforce privacy policy is challenging because individual components process data belonging to many different users. We introduce a practical approach for uniformly enforcing privacy requirements in such applications using the actor-based Erlang programming language. To isolate the personal data of users, we exploit Erlang’s inexpensive process model and use Erlang’s message passing mechanism to add policy checks. We illustrate this approach by describing the architecture of a privacy-preserving message dispatcher in a micro-blogging service. Our performance evaluation of a prototype implementation shows that this approach can enforce fine-grained privacy guarantees with a low performance overhead.
منابع مشابه
Enforcing Privacy in Web Applications
The development of web applications is typically done oblivious to privacy precautions. Largely, this is due to lack of technical knowledge and appropriate tools for enforcing privacy. As a result, web users’ personal information is constantly at risk. We introduce a solution that protects arbitrary web applications from several dangerous privacy threats. It is easy to install, usable (e.g., in...
متن کاملInterleaving Semantic Web Reasoning and Service Discovery to Enforce Context-Sensitive Security and Privacy Policies
Enforcing rich policies in open environments will increasingly require the ability to dynamically identify external sources of information necessary to enforce different policies (e.g. finding an appropriate source of location information to enforce a location-sensitive access control policy). In this paper, we introduce a semantic web framework and a metra-control model for dynamically interle...
متن کاملCredential Purpose-based Access Control for Personal Data Protection
Web-based applications enable users to carry out their business transactions virtually at any time and place whereby users are required to disclose almost all their personal information which result in greater risks of information disclosure. Therefore, protecting personal information is of utmost importance. Enforcing personal information protection in databases requires controlled access to s...
متن کاملSIF: Enforcing Confidentiality and Integrity in Web Applications
SIF (Servlet Information Flow) is a novel software framework for building high-assurance web applications, using language-based information-flow control to enforce security. Explicit, end-to-end confidentiality and integrity policies can be given either as compile-time program annotations, or as run-time user requirements. Compile-time and run-time checking efficiently enforce these policies. I...
متن کاملHails: Protecting Data Privacy in Untrusted Web Applications
Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party “app” have little control over what it does with their private data. Today’s platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled appr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010