Type-preserving compilation of end-to-end verification of security enforcement

ChenJuan,; ChughRavi,; SwamyNikhil,

doi:10.1145/1809028.1806643

“…Jeeves privacy policies yield comparable expressiveness to stateof-the-art languages for verifying system security such as Jif [19], Fine [4], and Ur/Web [5]. These are static approaches that have no dynamic overhead.…”

Section: Related Workmentioning

confidence: 99%

“…Ensuring compliance with privacy policies requires reasoning globally about both the flow of information and the interaction of different policies affecting this information. A number of tools have been developed to check code against privacy policies statically [4,19] and dynamically [27]. While these checking tools can help avoid data leaks, the programmer is still responsible for implementing applications that display enough information to satisfy the user's needs without violating privacy policies.…”

Section: Introductionmentioning

confidence: 99%

A language for automatically enforcing privacy policies

Yang

¹

,

Yessenov

²

,

Solar-Lezama

³

2012

View full text Add to dashboard Cite

It is becoming increasingly important for applications to protect sensitive data. With current techniques, the programmer bears the burden of ensuring that the application's behavior adheres to policies about where sensitive values may flow. Unfortunately, privacy policies are difficult to manage because their global nature requires coordinated reasoning and enforcement. To address this problem, we describe a programming model that makes the system responsible for ensuring adherence to privacy policies. The programming model has two components: 1) core programs describing functionality independent of privacy concerns and 2) declarative, decentralized policies controlling how sensitive values are disclosed. Each sensitive value encapsulates multiple views; policies describe which views are allowed based on the output context. The system is responsible for automatically ensuring that outputs are consistent with the policies. We have implemented this programming model in a new functional constraint language named Jeeves. In Jeeves, sensitive values are introduced as symbolic variables and policies correspond to constraints that are resolved at output channels. We have implemented Jeeves as a Scala library using an SMT solver as a model finder. In this paper we describe the dynamic and static semantics of Jeeves and the properties about policy enforcement that the semantics guarantees. We also describe our experience implementing a conference management system and a social network.

show abstract

PSpec: A Formal Specification Language for Fine-Grained Control on Distributed Data Analytics

Luo

¹

,

He

²

,

Dong³

et al. 2017

2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C)

View full text Add to dashboard Cite

A language for automatically enforcing privacy policies

Yang

¹

,

Yessenov

²

,

Solar-Lezama

³

2012

Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

View full text Add to dashboard Cite

It is becoming increasingly important for applications to protect sensitive data. With current techniques, the programmer bears the burden of ensuring that the application's behavior adheres to policies about where sensitive values may flow. Unfortunately, privacy policies are difficult to manage because their global nature requires coordinated reasoning and enforcement. To address this problem, we describe a programming model that makes the system responsible for ensuring adherence to privacy policies. The programming model has two components: 1) core programs describing functionality independent of privacy concerns and 2) declarative, decentralized policies controlling how sensitive values are disclosed. Each sensitive value encapsulates multiple views; policies describe which views are allowed based on the output context. The system is responsible for automatically ensuring that outputs are consistent with the policies. We have implemented this programming model in a new functional constraint language named Jeeves. In Jeeves, sensitive values are introduced as symbolic variables and policies correspond to constraints that are resolved at output channels. We have implemented Jeeves as a Scala library using an SMT solver as a model finder. In this paper we describe the dynamic and static semantics of Jeeves and the properties about policy enforcement that the semantics guarantees. We also describe our experience implementing a conference management system and a social network.

show abstract

Type-preserving compilation of end-to-end verification of security enforcement

Cited by 4 publications

References 23 publications

A language for automatically enforcing privacy policies

A language for automatically enforcing privacy policies

PSpec: A Formal Specification Language for Fine-Grained Control on Distributed Data Analytics

A language for automatically enforcing privacy policies

Contact Info

Product

Resources

About