Enforcing Privacy Policies with Meta-Code

This paper proposes a mechanism for expressing and enforcing security policies for shared data. Security policies are expressed as stateful meta-code operations; meta-code can express a broad class of policies, including access-based policies, use-based policies, obligations, and sticky policies with declassification. The meta-code is interposed in the filesystem access path to ensure policy compliance. The generality and feasibility of our approach are demonstrated using a sports analytics prototype system.
