A Framework for Automatically Enforcing Privacy Policies Jean Yang MIT KIT / April 17, 2014

Page 1: Title slide

A Framework for Automatically Enforcing Privacy Policies
Jean Yang
MIT KIT / April 17, 2014

Page 2

Privacy matters. People get it wrong.

Page 3: Many possible points of failure.

Desired policy: Only friends can see GPS location.

Policy implementation: the policy has to be re-implemented at every point where the data is used, each one a possible point of failure:

    getLocation(user)
    findAllUsers(location)
    findTopLocations()

Page 4: Increasingly complex policies.

Desired policy: Only friends [who are local] can see GPS location [within next five hours].

Page 5: (no transcribed text)

Page 6: Easier if we separate policies from other functionality.

Policy implementation: Only friends can see GPS location.

Other implementation:

    getLocation(user)
    findAllUsers(location)
    findTopLocations()

Page 7: The Jeeves Language

    findAllUsers(MIT)
    → You have no friends in this location.

Sensitive values are associated with policies.

Page 8: Sensitive Values

Core functionality:

    label a
    val loc = ⟨gpsCoords | country(gpsCoords)⟩a
    val msg = "Jean's location is " + asStr(loc)

Policies:

    restrict a: λoc.(isNear(oc, jean))

Contextual enforcement:

    print {fuming} msg     "Jean's location is N 42, W 71."
    print {rishabh} msg    "Jean's location is in the United States."

Legend: a is the label, which takes a value in { low, high }; gpsCoords is the high value and country(gpsCoords) the low value; {fuming} and {rishabh} name the output channel; λoc.(isNear(oc, jean)) is the predicate over the output context oc.

Page 9: Jeeves Execution

Faceted execution: operations are evaluated on both facets of a sensitive value, e.g. ⟨3 | 0⟩a and ⟨true | false⟩a.

Storing policies:

    label a
    restrict a: λoc.true

Constraints: at print {…} …, each stored policy is applied to the output context and becomes a constraint on the label: a may be high only if the predicate holds for that context, otherwise a = low.

Page 10: Classical Security

Lattice of access levels:

    Level 3: top secret.
    Level 2: highly classified.
    Level 1: privileged information.

Page 11: Classical Security

Viewers must have access for the highest level: combining Level 3 data with Level 0 data yields Level 3.

Page 12: Jeeves Security

Page 13: Implementation

Overload operators for faceted evaluation, e.g. ⟨33 | 42⟩a.

Policy environment: mkLabel and restrict store policies in the runtime environment; print consults them.

Use an SMT solver as a model finder for the label assignment, e.g. resolving ⟨true | false⟩a to false when a = low.
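The faceted values on pages 8 and 9 and the implementation strategy on page 13 (overloaded operators, a policy environment, labels resolved at the output channel), as an added Python illustration that is not Jeeves's own code: it replaces the SMT-based model finding with direct evaluation of each policy predicate, and the viewer dictionaries, the same-country stand-in for isNear and the location strings are constructed.

```python
# Toy model of Jeeves-style faceted execution (added illustration, not the
# Jeeves implementation). A sensitive value carries a label and two facets;
# policies are predicates over the output context, stored in a runtime policy
# environment and consulted only when a value reaches an output channel. Real
# Jeeves finds label assignments with an SMT solver; this toy evaluates them.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

POLICIES: Dict[str, List[Callable[[Any], bool]]] = {}  # label -> predicates

def mk_label(name: str) -> str:
    POLICIES.setdefault(name, [])
    return name

def restrict(label: str, pred: Callable[[Any], bool]) -> None:
    """restrict a: λoc.pred(oc): label a may be high only if pred(oc) holds."""
    POLICIES[label].append(pred)

@dataclass(frozen=True)
class Faceted:
    label: str
    high: Any
    low: Any

    def map(self, fn: Callable[[Any], Any]) -> "Faceted":
        return Faceted(self.label, fn(self.high), fn(self.low))

    def __add__(self, other: Any) -> "Faceted":       # Faceted + x
        return self.map(lambda v: v + other)

    def __radd__(self, other: Any) -> "Faceted":      # x + Faceted
        return self.map(lambda v: other + v)

def reveal(value: Any, oc: Any) -> Any:
    """print {oc}: show the high facet only if every policy on the label
    accepts the output context oc, otherwise the low facet."""
    if not isinstance(value, Faceted):
        return value
    ok = all(p(oc) for p in POLICIES.get(value.label, []))
    return value.high if ok else value.low

# Constructed data for the slide's example (hypothetical isNear: same country).
A = mk_label("a")
restrict(A, lambda oc: oc["country"] == "US")  # isNear(oc, jean)
loc = Faceted(A, "N 42, W 71", "in the United States")
msg = "Jean's location is " + loc  # faceted string via __radd__

def show(oc: dict) -> str:
    return reveal(msg, oc) + "."
```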

Page 14: Case Studies in Progress

    Conference management system
    Course manager
    Protein signaling
    Fitness tracking (with Fuming)

Page 15

FINALLY... I CAN FOCUS ON FUNCTIONALITY!

Page 16: Jeeves Team

    Armando Solar-Lezama
    Thomas Austin
    Cormac Flanagan
    Travis Hance
    Benjamin Shaibu

Page 17: This Talk

    You have no friends in this location.

    Jeeves programming model
    Theoretical guarantees
    Implementation strategies
    Case studies

Join us! jeeveslang.org