University of Cambridge > > Microsoft Research Cambridge, public talks > A Framework for Automatically Enforcing Privacy Policies

A Framework for Automatically Enforcing Privacy Policies

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.

This event may be recorded and made available internally or externally via Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending

It is increasingly important for applications to protect sensitive data. Security policies are difficult to manage because their global nature requires coordinated reasoning and enforcement. To mitigate this, we propose a policy-agnostic programming model in which the programmer implements information flow policies separately from the other functionality. The programmer may rely on the runtime to automatically produce outputs adhering to these policies. For my Ph.D. thesis, I have developed the Jeeves programming language to explore this model. Jeeves allows programmers to define multiple views of sensitive values along with policies for disclosing these views. The Jeeves semantics describe the dynamic enforcement of these policies. We have proven security guarantees about our semantics and implemented Jeeves as an embedded domain-specific language in Scala. We have used our implementation to build a small conference management system. The goal of my thesis is to demonstrate the feasibility of policy-agnostic programming in a web framework. Towards this, we are working on a Python implementation of Jeeves and also working on extending Jeeves’s guarantees across the database interface.

This talk is part of the Microsoft Research Cambridge, public talks series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2024, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity