[Pl-seminar] 12/14: Jean Yang, "A Language for Automatically Enforcing Privacy Policies"

Aaron Turon turon at ccs.neu.edu
Sun Dec 11 15:43:14 EST 2011


NEU Programming Languages Seminar presents

Jean Yang
MIT

Wednesday, 12/14

11:45am - 1:30pm
Room 366 WVH (http://www.ccs.neu.edu/home/wand/directions.html)

A Language for Automatically Enforcing Privacy Policies

It is becoming increasingly important for applications to protect
sensitive data. With current techniques, the programmer bears the
burden of ensuring that the application’s behavior adheres to policies
about where sensitive values may flow. Unfortunately, privacy policies
are difficult to manage because their global nature requires
coordinated reasoning and enforcement.

To address this problem, we describe a programming model that makes
the system responsible for ensuring adherence to privacy policies. The
programming model has two components: 1) core programs describing
functionality independent of privacy concerns and 2) declarative,
decentralized policies controlling how sensitive values are disclosed.
Each sensitive value encapsulates multiple views; policies describe
which views are allowed based on the output context. The system is
responsible for automatically ensuring that outputs are consistent
with the policies.

We have implemented this programming model in a new functional
constraint language named Jeeves. In Jeeves, sensitive values are
introduced as symbolic variables and policies correspond to
constraints that are resolved at output channels. We have implemented
Jeeves as a Scala library using an SMT solver as a model finder. In
this talk, I describe the Jeeves language, its implementations, the
guarantees it provides to the programmer, and our experience using
Jeeves to implement a simple conference management system and a social
network.

Website: https://sites.google.com/site/jeevesprogramming
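
The model the abstract describes (sensitive values that carry multiple views, with policies resolved at the output channel), as an added Python sketch that is not Jeeves code and not from the talk. It replaces Jeeves's symbolic variables and SMT-based constraint solving with a plain boolean predicate per value; the names `Sensitive`, `concretize`, `show`, `make_paper` and `byline`, the visibility rule and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Sensitive:
    """Toy sensitive value: two views plus the policy choosing between them."""
    high: Any                      # confidential view
    low: Any                       # view shown when the policy denies access
    policy: Callable[[Any], bool]  # output context -> may it see `high`?

    def map(self, fn):
        # Core code runs on both views, so derived values keep the policy.
        return Sensitive(fn(self.high), fn(self.low), self.policy)


def concretize(value, ctx):
    """Pick the view allowed for ctx; views may themselves be Sensitive."""
    while isinstance(value, Sensitive):
        value = value.high if value.policy(ctx) else value.low
    return value


def show(value, ctx):
    """Output channel: the only place where a view is selected."""
    return str(concretize(value, ctx))


def make_paper(title, author):
    # Policy declared once, next to the data it protects (hypothetical rule:
    # only the chair and the author see the author's name).
    def may_see(viewer):
        return viewer["role"] == "chair" or viewer["name"] == author
    return {"title": title, "author": Sensitive(author, "Anonymous", may_see)}


def byline(paper):
    # Core functionality: formats a byline with no privacy checks of its own.
    return paper["author"].map(lambda a: f"{paper['title']} by {a}")


if __name__ == "__main__":
    # Constructed sample data.
    paper = make_paper("Types for Secrets", "Alice")
    for viewer in ({"name": "Carol", "role": "chair"},
                   {"name": "Bob", "role": "reviewer"},
                   {"name": "Alice", "role": "author"}):
        print(viewer["role"], "->", show(byline(paper), viewer))
```

The byline is computed once, before any viewer is known; the same derived value prints differently per viewer because the view is chosen only inside `show`.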


