Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013.

Published byMyrtle Knight Modified over 8 years ago

Similar presentations

Presentation on theme: "A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013."— Presentation transcript:

1 A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013

2 Privacy matters. People get it wrong.

3 Many possible points of failure. getLocation(user) findAllUsers(location) findTopLocations() Only friends can see GPS location. Desired Policy Policy Implementation Policy

4 Increasingly complex policies. Only friends can see GPS location. Desired Policy who are local within next five hours

5 Jean Yang / Jeeves5

6 Easier if we separate policies from other functionality. getLocation(user) findAllUsers(location) findTopLocations() Only friends can see GPS location. Policy ImplementationOther Implementation

7 Jean Yang / Jeeves7

8  |  findAllUsers(MSRC) The Jeeves Language k You have no friends in this location. Jean Yang / Jeeves8 Associated with policies.

9 val loc =  gpsCoords | country(gpsCoords)  a label a Core Functionality val msg = “Jean’s location is ” + asStr(loc) Contextual Enforcement print {andrey} msg “Jean’s location is N 52.19 , W 0.13 .” print {rishabh} msg “Jean’s location is in the United Kingdom.” Policies restrict a: oc.(isNear(oc, jean)) { low, high } 9 Sensitive Values Jean Yang / Jeeves Label. Output channel. Predicate. High value.Low value.

10 Jeeves Execution = 3 Faceted execution 10Jean Yang / Jeeves  3 | 0  a  true | false  a Storing policies Policies label a restrict a: oc.true Constraints print {…} … true  a = low a  oc.true false

11 Jean Yang / Jeeves11 restrict a: oc.isNear(oc,me) Policies may refer to sensitive values. Jeeves Policies oc.addConstraint(  isNear(oc, me)  a == low) Constraints always take this form. Notes There is always a consistent assignment. Notion of maximal functionality: if a label is allowed to be high, we try to set it to high.

12 Jean Yang / Jeeves12

13 Jean Yang / Jeeves13 Classical Security Level 3: top secret. Level 2: highly classified. Level 1: privileged information. Lattice of access levels.

14 Jean Yang / Jeeves14 Classical Security Viewers must have access for the highest level. + Level 3 Level 0

15  |  Jean Yang / Jeeves15 Jeeves Security p +

16 Jeeves Non-Interference Guarantee  H | L  a Given a sensitive value all executions where a must be low produce equivalent outputs no matter the value of H. 16Jean Yang / Jeeves Takes into account when label depends on sensitive values!

17 Non-Interference in Jeeves 17Jean Yang / Jeeves restrict a: oc.(distance(oc, location) < 25) protected location viewer Viewer within radius: a is allowed to be high.

18 Non-Interference in Jeeves 18Jean Yang / Jeeves restrict a: oc.(distance(oc, location) < 25) protected location Viewer outside radius: a must be low. Viewer should not be able to distinguish actual location from any other of these points. viewer

19 Jean Yang / Jeeves19

20 Implementation Overload operators for faceted evaluation. Policy environment Use an SMT solver as a model finder. print mkLabel restrict 20Jean Yang / Jeeves = 3  3 | 42  a Store policies in runtime environment  true | false  a false

21 Case study: JConf Jean Yang / Jeeves21 JConf policies JConf functionality ReviewerAuthor

22 User Role Paper Title Author Reviews Tags … Policy Review Reviewer Content Policy Context User Stage Policy Core Program Search papers. Display papers. Add and remove tags. Assign and submit reviews. Functionality 22Jean Yang / Jeeves Jconf Architecture

23 Functionality vs. Policy FileTotal LOCPolicy LOC ConfUser.scala21221 PaperRecord.scala30475 PaperReview.scala11632 ConfContext.scala60 Backend + Squeryl8000 Frontend (Scalatra)6290 Frontend (SSP)7980 Total2865128 23Jean Yang / Jeeves < 5%

24 Jean Yang / Jeeves24 SQL (Squeryl) Embedded DSL Scalatra frontend PostGre SQL Embedded DSL Django frontend Jeeves Frameworks Python-Jeeves source transform

25 Jean Yang / Jeeves25 What about inputs? Reviewer A Reviews New review Reviewer B New review --- Author

26 Jean Yang / Jeeves26 Reviewer A Reviews New review Reviewer B New review Old review Author Storing multiple versions?

27 Jean Yang / Jeeves27 Scores New score Old score User --- User When viewers specify trust… Need to additionally track who is writing…

28 Low-level mechanism Jean Yang / Jeeves28 Mutable State 42 p1p1 p2p2 p2p2 Associate references with policies wrestrict in. out. ((in == alice) && isFriends (out, alice)) wrestrict in. out.(isFriends(in, alice))

29 Jean Yang / Jeeves29 Execution with writer’s inputs Execution without writer’s inputs New score Guarantees

30 Write Policy Case Studies Jean Yang / Jeeves30 AuthenticationBattleship game Conference management Notes Support policies for confidentiality and integrity. Policy-agnosticism good for encoding other policies, for instance game rules.

31  |  Jean Yang / Jeeves31 select * from papers where author = “Jean Yang” author high author low policies p Interfacing with the DB

32 32 FINALLY.. I CAN FOCUS ON FUNCTIONALITY!

33 Jeeves Team Jean Yang / Jeeves33 Armando Solar- Lezama Thomas Austin Cormac Flanagan Travis Hance Benjamin Shaibu

34  |  Program The Jeeves Framework k Jean Yang / Jeeves34 Customized page jeeveslang.org

Download ppt "A Framework for Automatically Enforcing Privacy Policies Jean Yang MSRC / October 15, 2013."

Similar presentations

A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.

A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.
Operating System Security

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
System Design System Design - Mr. Ahmad Al-Ghoul System Analysis and Design.

System Design System Design - Mr. Ahmad Al-Ghoul System Analysis and Design.
Access Control Methodologies

Access Control Methodologies
A Language for Automatically Enforcing Privacy Jean Yang with Kuat Yessenov and Armando Solar-Lezama.

A Language for Automatically Enforcing Privacy Jean Yang with Kuat Yessenov and Armando Solar-Lezama.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Database Management System

Database Management System
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005.

Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005.
Information Retrieval in Practice

Information Retrieval in Practice
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation

PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.

Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.
Overview of Search Engines

Overview of Search Engines
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
DSpace XML UI Project Texas A&M University Digital Initiatives, Research and Technology Scott Phillips, Cody Green, Alexey Maslov, Adam Mikeal, Brian Surratt,

DSpace XML UI Project Texas A&M University Digital Initiatives, Research and Technology Scott Phillips, Cody Green, Alexey Maslov, Adam Mikeal, Brian Surratt,

Similar presentations

Ads by Google