A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013.

Slides:



Advertisements
Similar presentations
A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.
Advertisements

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
System Design System Design - Mr. Ahmad Al-Ghoul System Analysis and Design.
Access Control Methodologies
A Language for Automatically Enforcing Privacy Jean Yang with Kuat Yessenov and Armando Solar-Lezama.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Database Management System
Access Control Intro, DAC and MAC System Security.
Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005.
Information Retrieval in Practice
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.
Overview of Search Engines
ORACLE DATABASE SECURITY
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
DSpace XML UI Project Texas A&M University Digital Initiatives, Research and Technology Scott Phillips, Cody Green, Alexey Maslov, Adam Mikeal, Brian Surratt,
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Switch off your Mobiles Phones or Change Profile to Silent Mode.
About Chris Welch Synergy – Global Reach. Local Service. - Cell Online - USA | South.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
Preventing Information Leaks with Jeeves Jean Yang, MIT April 8, 2015.
CS162 Week 8 Kyle Dewey. Overview Example online going over fail03.not (from the test suite) in depth A type system for secure information flow Implementing.
Module 9 Configuring Messaging Policy and Compliance.
Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.
Microsoft SharePoint Server 2010 for the Microsoft ASP.NET Developer Yaroslav Pentsarskyy
Module 9 Configuring Messaging Policy and Compliance.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Chapter 5 Network Security
BA372 Stored Procedures and Triggers Lab. What needs to be done to change a customer’s credit limit? Who am I? May I? Do it Log it Display A database.
Containment and Integrity for Mobile Code End-to-end security, untrusted hosts Andrew Myers Fred Schneider Department of Computer Science Cornell University.
SECURE WEB APPLICATIONS VIA AUTOMATIC PARTITIONING S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, X. Zheng Cornell University.
CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 25 Integrity Protection: Biba, Clark Wilson, and Chinese Wall.
Windows Role-Based Access Control Longhorn Update
Logical view –show classes and objects Process view –models the executables Implementation view –Files, configuration and versions Deployment view –Physical.
 Registry itself is easy and straightforward in implementation  The objects of registry are actually complicated to store and manage  Objects of Registry.
Presented by Vishy Grandhi.  Architecture (Week 1) ◦ Development Environments ◦ Model driven architecture ◦ Licensing and configuration  AOT (Week 2)
London 28 February 2012 European Commission Information Society and Media GaLA Gamification 1 KAM STAR.
Academic Year 2014 Spring Academic Year 2014 Spring.
Chapter 5 : Integrity And Security  Domain Constraints  Referential Integrity  Security  Triggers  Authorization  Authorization in SQL  Views 
Privilege Management Chapter 22.
Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Decentralized Information Flow A paper by Myers/Liskov.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
A Framework for Automatically Enforcing Privacy Policies Jean Yang MIT KIT / April 17, 2014.
CS162 Week 8 Kyle Dewey. Overview Example online going over fail03.not (from the test suite) in depth A type system for secure information flow Implementing.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
CS526Topic 19: Integrity Models1 Information Security CS 526 Topic 19: Integrity Protection Models.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Precise, Dynamic Information Flow for Database- Backed Applications Jean Yang, Travis Hance, Thomas H. Austin, Armando Solar-Lezama, Cormac Flanagan, and.
MLS/MCS on SE Linux Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework Uses.
SE Linux Implementation Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework.
Database and Cloud Security
Database System Implementation CSE 507
Controlling User Access
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
SE Linux Implementation
Understanding Android Security
Access Control What’s New?
Presentation transcript:

A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013

Privacy matters. People get it wrong.

Many possible points of failure. getLocation(user) findAllUsers(location) findTopLocations() Only friends can see GPS location. Desired Policy Policy Implementation Policy

Increasingly complex policies. Only friends can see GPS location. Desired Policy who are local within next five hours

Jean Yang / Jeeves5

Easier if we separate policies from other functionality. getLocation(user) findAllUsers(location) findTopLocations() Only friends can see GPS location. Policy ImplementationOther Implementation

Jean Yang / Jeeves7

 |  findAllUsers(MSRC) The Jeeves Language k You have no friends in this location. Jean Yang / Jeeves8 Associated with policies.

val loc =  gpsCoords | country(gpsCoords)  a label a Core Functionality val msg = “Jean’s location is ” + asStr(loc) Contextual Enforcement print {andrey} msg “Jean’s location is N , W 0.13 .” print {rishabh} msg “Jean’s location is in the United Kingdom.” Policies restrict a: oc.(isNear(oc, jean)) { low, high } 9 Sensitive Values Jean Yang / Jeeves Label. Output channel. Predicate. High value.Low value.

Jeeves Execution = 3 Faceted execution 10Jean Yang / Jeeves  3 | 0  a  true | false  a Storing policies Policies label a restrict a: oc.true Constraints print {…} … true  a = low a  oc.true false

Jean Yang / Jeeves11 restrict a: oc.isNear(oc,me) Policies may refer to sensitive values. Jeeves Policies oc.addConstraint(  isNear(oc, me)  a == low) Constraints always take this form. Notes There is always a consistent assignment. Notion of maximal functionality: if a label is allowed to be high, we try to set it to high.

Jean Yang / Jeeves12

Jean Yang / Jeeves13 Classical Security Level 3: top secret. Level 2: highly classified. Level 1: privileged information. Lattice of access levels.

Jean Yang / Jeeves14 Classical Security Viewers must have access for the highest level. + Level 3 Level 0

 |  Jean Yang / Jeeves15 Jeeves Security p +

Jeeves Non-Interference Guarantee  H | L  a Given a sensitive value all executions where a must be low produce equivalent outputs no matter the value of H. 16Jean Yang / Jeeves Takes into account when label depends on sensitive values!

Non-Interference in Jeeves 17Jean Yang / Jeeves restrict a: oc.(distance(oc, location) < 25) protected location viewer Viewer within radius: a is allowed to be high.

Non-Interference in Jeeves 18Jean Yang / Jeeves restrict a: oc.(distance(oc, location) < 25) protected location Viewer outside radius: a must be low. Viewer should not be able to distinguish actual location from any other of these points. viewer

Jean Yang / Jeeves19

Implementation Overload operators for faceted evaluation. Policy environment Use an SMT solver as a model finder. print mkLabel restrict 20Jean Yang / Jeeves = 3  3 | 42  a Store policies in runtime environment  true | false  a false

Case study: JConf Jean Yang / Jeeves21 JConf policies JConf functionality ReviewerAuthor

User Role Paper Title Author Reviews Tags … Policy Review Reviewer Content Policy Context User Stage Policy Core Program Search papers. Display papers. Add and remove tags. Assign and submit reviews. Functionality 22Jean Yang / Jeeves Jconf Architecture

Functionality vs. Policy FileTotal LOCPolicy LOC ConfUser.scala21221 PaperRecord.scala30475 PaperReview.scala11632 ConfContext.scala60 Backend + Squeryl8000 Frontend (Scalatra)6290 Frontend (SSP)7980 Total Jean Yang / Jeeves < 5%

Jean Yang / Jeeves24 SQL (Squeryl) Embedded DSL Scalatra frontend PostGre SQL Embedded DSL Django frontend Jeeves Frameworks Python-Jeeves source transform

Jean Yang / Jeeves25 What about inputs? Reviewer A Reviews New review Reviewer B New review --- Author

Jean Yang / Jeeves26 Reviewer A Reviews New review Reviewer B New review Old review Author Storing multiple versions?

Jean Yang / Jeeves27 Scores New score Old score User --- User When viewers specify trust… Need to additionally track who is writing…

Low-level mechanism Jean Yang / Jeeves28 Mutable State 42 p1p1 p2p2 p2p2 Associate references with policies wrestrict in. out. ((in == alice) && isFriends (out, alice)) wrestrict in. out.(isFriends(in, alice))

Jean Yang / Jeeves29 Execution with writer’s inputs Execution without writer’s inputs New score Guarantees

Write Policy Case Studies Jean Yang / Jeeves30 AuthenticationBattleship game Conference management Notes Support policies for confidentiality and integrity. Policy-agnosticism good for encoding other policies, for instance game rules.

 |  Jean Yang / Jeeves31 select * from papers where author = “Jean Yang” author high author low policies p Interfacing with the DB

32 FINALLY.. I CAN FOCUS ON FUNCTIONALITY!

Jeeves Team Jean Yang / Jeeves33 Armando Solar- Lezama Thomas Austin Cormac Flanagan Travis Hance Benjamin Shaibu

 |  Program The Jeeves Framework k Jean Yang / Jeeves34 Customized page jeeveslang.org

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.