Information flow control (IFC) allows software programmers and auditors to detect and prevent the sharing of information between different parts of a program which, as a matter of policy, should be kept logically separate. However, the lack of widespread use of IFC suggests technology and usability barriers to adoption. The programming language JIF provides IFC on top of Java. To assess pragmatic issues and systematic limitations of using JIF for commercial privacy-preserving Web applications, we deliver the first Web-based case study with customer-negotiated restrictions on data recipients and usage. On a practical level, from our experience of programming in JIF, we assess its suitability for preventing accidental misuse of personal information and deduce recommendations for future implementations. On a theoretical level, we explore the compatibility between static analysis and privacy policies configured at runtime.