2013 Poster Sessions : Hails: Protecting Data Privacy in Untrusted Web Applications

Student Name : Deian Stefan
Advisor : David Mazières
Research Areas: Computer Systems
Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party "app" have little control over what it does with their private data. Today’s platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. We present a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Deian Stefan is a third year Ph.D. student in the Computer Science, at Stanford University. His research interest are in computer security,with specific attention to language-based approaches to decentralized information flow control and secure computation.