A Framework for Automatically Enforcing Privacy Policies. Jean Yang, MIT KIT / April 17, 2014


Privacy matters. People get it wrong.

Many possible points of failure.

getLocation(user)
findAllUsers(location)
findTopLocations()

Desired policy: only friends can see GPS location.

Policy / Implementation / Policy / Policy (the same check is repeated inside each function of the implementation).

Increasingly complex policies.

Desired policy: only friends [who are local] can see GPS location [within the next five hours].

Jean Yang / Jeeves 5

Easier if we separate policies from other functionality.

getLocation(user)
findAllUsers(location)
findTopLocations()

Desired policy: only friends can see GPS location.

Policy Implementation | Other Implementation (e.g. findAllUsers(MIT))

The Jeeves Language

(Screenshot: "You have no friends in this location.")

Sensitive Values

Associated with policies.

Core functionality:

label a
val loc = ⟨gpsCoords | country(gpsCoords)⟩a
val msg = "Jean's location is " + asStr(loc)

(a is a label; gpsCoords is the high value and country(gpsCoords) the low value; a label takes a value in { low, high }.)

Policies:

restrict a: λoc. (isNear(oc, jean))

(The predicate ranges over the output channel oc.)

Contextual enforcement:

print {fuming} msg   ->  "Jean's location is N 42, W 71."
print {rishabh} msg  ->  "Jean's location is in the United States."

Jeeves Execution

Faceted execution: a value guarded by label a carries two facets, and operations apply to both of them:

⟨3 | 0⟩a == 3   evaluates to   ⟨true | false⟩a

Storing policies: policies live in the runtime environment.

label a
restrict a: λoc. true

Policy environment: a ↦ λoc. true

Constraints: at print {…} …, the stored predicate for a is applied to the output channel, giving the constraint true ⇒ a = low; with a = low, ⟨true | false⟩a resolves to false.

Classical Security

Level 3: top secret.
Level 2: highly classified.
Level 1: privileged information.

Lattice of access levels.

Classical Security

Viewers must have access for the highest level.

Level 3 + Level 0 = Level 3

Jeeves Security

Implementation

Overload operators for faceted evaluation:

⟨33 | 42⟩a == 33   evaluates to   ⟨true | false⟩a

Policy environment: store policies in the runtime environment (mkLabel, restrict).

Use an SMT solver as a model finder: at print, the constraints collected from the policies are solved for a label assignment; with a = low the comparison above resolves to false.
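The three mechanisms on the last slides (faceted values with labels, policies stored in a runtime environment as predicates over the output channel, and a model finder that picks label assignments at print time) fit in a short Python model. The block below is an added example, not code from the talk or from the Jeeves project. It assumes the reading of restrict that matches the "true ⇒ a = low" constraint on the Execution slide (if the predicate holds for the output channel, the label is low), uses plain enumeration over label assignments in place of the SMT solver, and constructs its own viewers, coordinates and is_near() helper; the negated distance check in the location policy is my own guess at the slide's intent.

```python
# Added example (not code from the talk or the Jeeves project): a small Python
# model of Jeeves-style faceted execution. Assumptions: "restrict a: λoc. P"
# means "if P(oc) holds for output channel oc, label a is low" (the reading
# that fits the "true ⇒ a = low" constraint on the slides); the SMT
# model-finding step is replaced by enumeration over label assignments; the
# viewers, coordinates and is_near() are constructed sample data.
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    name: str


@dataclass(frozen=True)
class Faceted:
    """A sensitive value <high | low>label: two facets guarded by one label."""
    label: Label
    high: object
    low: object


def lift(f, *args):
    """Faceted evaluation: apply f facet-wise. The result is faceted on every
    label any argument is faceted on (nested when several labels occur)."""
    for i, arg in enumerate(args):
        if isinstance(arg, Faceted):
            hi = lift(f, *args[:i], arg.high, *args[i + 1:])
            lo = lift(f, *args[:i], arg.low, *args[i + 1:])
            return Faceted(arg.label, hi, lo)
    return f(*args)


def resolve(value, assignment):
    """Pick the facet selected by assignment (Label -> 'high' | 'low')."""
    while isinstance(value, Faceted):
        value = value.high if assignment[value.label] == "high" else value.low
    return value


class PolicyEnv:
    """Runtime policy environment: labels and the predicates restricting them."""

    def __init__(self):
        self.policies = {}  # Label -> [predicate over the output channel]

    def mk_label(self, name):
        label = Label(name)
        self.policies.setdefault(label, [])
        return label

    def restrict(self, label, predicate):
        self.policies[label].append(predicate)

    def solve(self, oc):
        """Model finder (stand-in for the SMT solver): enumerate assignments,
        keep those satisfying every constraint P(oc) => label == 'low', and
        return the one that leaves the most labels high."""
        labels = list(self.policies)
        best = None
        for choice in itertools.product(["high", "low"], repeat=len(labels)):
            assignment = dict(zip(labels, choice))
            ok = all(assignment[lbl] == "low" for lbl in labels
                     if any(p(oc) for p in self.policies[lbl]))
            if ok and (best is None
                       or choice.count("high") > list(best.values()).count("high")):
                best = assignment
        return best

    def print_in(self, oc, value):
        """Contextual enforcement: print {oc} value, returning what oc sees."""
        return resolve(value, self.solve(oc))


# Constructed sample data: each viewer carries a name and (lat, lon) coordinates.
JEAN = {"name": "jean", "coords": (42.36, -71.09)}
FUMING = {"name": "fuming", "coords": (42.37, -71.10)}      # nearby
RISHABH = {"name": "rishabh", "coords": (37.87, -122.26)}   # far away


def is_near(oc, who, max_deg=1.0):
    """Constructed helper: within max_deg degrees on both axes counts as near."""
    (lat1, lon1), (lat2, lon2) = oc["coords"], who["coords"]
    return abs(lat1 - lat2) <= max_deg and abs(lon1 - lon2) <= max_deg


def location_demo():
    """The slides' example: loc = <gpsCoords | country(gpsCoords)>a with the
    policy read as restrict a: λoc. not isNear(oc, jean) (negation assumed)."""
    env = PolicyEnv()
    a = env.mk_label("a")
    env.restrict(a, lambda oc: not is_near(oc, JEAN))
    loc = Faceted(a, "N 42, W 71", "in the United States")
    msg = lift(lambda s: "Jean's location is " + s + ".", loc)
    return env.print_in(FUMING, msg), env.print_in(RISHABH, msg)


def execution_demo():
    """<3 | 0>a == 3 gives <true | false>a; under restrict a: λoc. true the
    solver must set a = low, so the printed result is false."""
    env = PolicyEnv()
    a = env.mk_label("a")
    env.restrict(a, lambda oc: True)
    cmp = lift(lambda x, y: x == y, Faceted(a, 3, 0), 3)
    return cmp, env.print_in(FUMING, cmp)


if __name__ == "__main__":
    print(location_demo())
    print(execution_demo())
```

The point to notice is that `location_demo` never mentions the viewer in its core logic: the string concatenation runs once over both facets, and the choice between them is made only when `print_in` consults the policy environment for the output channel. The enumeration in `solve` is adequate here because each label's constraints are independent; the talk uses an SMT solver because real policies can couple several labels (a predicate may itself depend on faceted values), which is exactly the case where a model finder rather than a per-label check is needed.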

Case Studies in Progress

Conference management system
Course manager
Protein signaling
Fitness tracking (with Fuming)

FINALLY... I CAN FOCUS ON FUNCTIONALITY!

Jeeves Team

Armando Solar-Lezama
Thomas Austin
Cormac Flanagan
Travis Hance
Benjamin Shaibu

This Talk

Jeeves programming model
Theoretical guarantees
Implementation strategies
Case studies

Join us! jeeveslang.org

(Screenshot: "You have no friends in this location.")