A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
httperf—a tool for measuring web server performance
ACM SIGMETRICS Performance Evaluation Review
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Distributed credential chain discovery in trust management
Journal of Computer Security
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Practical Information-flow Control in Web-Based Information Systems
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Language-Based Isolation of Untrusted JavaScript
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Fabric: a platform for secure distributed computation and storage
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Separating web applications from user data storage with BSTORE
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Static checking of dynamically-varying security policies in database-backed applications
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
MongoDB: The Definitive Guide
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Automated Analysis of Security-Critical JavaScript APIs
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Third-Party Web Tracking: Policy and Technology
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Abstractions for usable information flow control in Aeolus
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Proceedings of the 2012 Haskell Symposium
Addressing covert termination and timing channels in concurrent information flow systems
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
πBox: a platform for privacy-preserving apps
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Toward principled browser security
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Building web applications on top of encrypted data using Mylar
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Modern extensible web platforms like Facebook and Yammer depend on third-party software to offer a rich experience to their users. Unfortunately, users running a third-party "app" have little control over what it does with their private data. Today's platforms offer only ad-hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted codewhile enforcing flexible, end-to-end policies on data access. This paper presents a new web framework, Hails, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails through GitStar.com, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.