Corpus ID: 27122633

Shai: Enforcing Data-Specific Policies with Near-Zero Runtime Overhead

  title={Shai: Enforcing Data-Specific Policies with Near-Zero Runtime Overhead},
  author={Eslam Elnikety and Deepak Garg and Peter Druschel},
Data retrieval systems such as online search engines and online social networks must comply with the privacy policies of personal and selectively shared data items, regulatory policies regarding data retention and censorship, and the provider's own policies regarding data use. Enforcing these policies is difficult and error-prone. Systematic techniques to enforce policies are either limited to type-based policies that apply uniformly to all data of the same type, or incur significant runtime… 
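The abstract contrasts type-based policies, which apply uniformly to every item of a type, with data-specific policies, where each item carries its own constraints. The following Python sketch is an added illustration of that distinction and is not Shai's mechanism or code: each item carries its own policy (a reader set, a retention date, a set of regions where it may not be shown), derived data inherits the join of its sources' policies, and the check runs once at the output conduit. The item texts, principal names and the region code "XX" are constructed sample data; the `Policy` class, `join` and `permits` are hypothetical helpers written for this example.

```python
"""Data-specific policy check at a retrieval system's output conduit.

Added example, not code from the Shai paper. Each stored item carries its
own policy; combining items produces a derived policy that is at least as
restrictive as every source (the join); the requester is checked against
that policy once, when results leave the system.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple

ANYONE = None  # sentinel for an unrestricted reader set


@dataclass(frozen=True)
class Policy:
    readers: Optional[FrozenSet[str]] = ANYONE   # None: anyone may read
    retain_until: Optional[date] = None           # None: no retention limit
    blocked_regions: FrozenSet[str] = frozenset() # regions where item is censored

    def join(self, other: "Policy") -> "Policy":
        """Least policy at least as restrictive as both (for derived data)."""
        if self.readers is None:
            readers = other.readers
        elif other.readers is None:
            readers = self.readers
        else:
            readers = self.readers & other.readers
        dates = [d for d in (self.retain_until, other.retain_until) if d]
        return Policy(readers, min(dates) if dates else None,
                      self.blocked_regions | other.blocked_regions)

    def permits(self, principal: str, region: str, today: date) -> bool:
        """True iff this principal, in this region, may see the data today."""
        if self.readers is not None and principal not in self.readers:
            return False
        if self.retain_until is not None and today > self.retain_until:
            return False
        return region not in self.blocked_regions


# Constructed sample corpus: (text, data-specific policy) per item id.
ITEMS = {
    "post1": ("alice birthday party photos", Policy(readers=frozenset({"alice", "bob"}))),
    "post2": ("public pancake recipe", Policy()),
    "post3": ("old promo code", Policy(retain_until=date(2020, 1, 1))),
    "post4": ("regional news clip", Policy(blocked_regions=frozenset({"XX"}))),
}


def search(query: str, principal: str, region: str, today: date) -> List[str]:
    """Data-specific enforcement: each hit is filtered by its own policy."""
    return [item_id for item_id, (text, pol) in ITEMS.items()
            if query in text and pol.permits(principal, region, today)]


def type_based_search(query: str) -> List[str]:
    """Type-based (uniform) policy: all 'post' items are treated alike, so a
    per-item reader set or retention date is silently ignored."""
    return [item_id for item_id, (text, _) in ITEMS.items() if query in text]


def derive(item_ids: List[str]) -> Tuple[str, Policy]:
    """Build a digest from several items; its policy is the join of theirs."""
    text = " | ".join(ITEMS[i][0] for i in item_ids)
    pol = Policy()
    for i in item_ids:
        pol = pol.join(ITEMS[i][1])
    return text, pol


def serve_digest(item_ids: List[str], principal: str, region: str,
                 today: date) -> Optional[str]:
    """Output conduit: release the digest only if the joined policy allows it."""
    text, pol = derive(item_ids)
    return text if pol.permits(principal, region, today) else None


if __name__ == "__main__":
    today = date(2024, 1, 1)
    print(search("alice", "carol", "US", today))      # [] : carol is not a reader
    print(type_based_search("alice"))                 # ['post1'] : uniform rule leaks it
    print(serve_digest(["post1", "post4"], "bob", "XX", today))  # None : censored region
```

The join is what makes the check sound for derived outputs: a digest built from a friends-only post and a region-blocked clip may be shown only to a listed reader outside the blocked region, and neither source policy is lost when the data is combined.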


RIF: Reactive information flow labels
Because noninterference is not a suitable security policy for reactive labels, piecewise noninterference (PWNI) is introduced in its place, and a type system is given for static enforcement of PWNI in programs that associate checkable classes of RIF labels with variables.
Towards a Computer-Interpretable Actionable Formal Model to Encode Data Governance Rules
  • Rui Zhao, M. Atkinson
  • Computer Science
    2019 15th International Conference on eScience (eScience)
  • 2019
It is argued that intelligent systems can improve the situation by recording provenance during processing and by encoding the governance rules and reasoning over them, as a first step towards helping data providers and data users sustain productive relationships.
Foundations of Security, Protocols, and Equational Reasoning
This anecdotal note describes Cathy Meadows's leadership role in the formal specification and verification of cryptographic protocols, through her own research and through her successful efforts to bring researchers together into a unified, cohesive, and effective community for designing and evaluating cryptographic protocols.
JRIF: Reactive Information Flow Control for Java
JRIF extends the Jif compiler with reactive information flow (RIF) labels, so that the restrictions on a value can change as declared operations are applied to it.

Bootstrapping Privacy Compliance in Big Data Systems
The experience of building and operating a system to automate privacy policy compliance checking in Bing is reported. Central to the design are Legalease, a language for specifying privacy policies that restrict how user data is handled, and Grok, a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs.
Thoth: Comprehensive Policy Compliance in Data Retrieval Systems
Thoth provides an efficient, kernel-level compliance layer for data use policies that tracks the flow of data through the system, and enforces policy regardless of bugs, misconfigurations, compromises in application code, or actions by unprivileged operators.
PolSim: Automatic Policy Validation via Meta-Data Flow Simulation
PolSim, a simulation tool that aids system policy designers by validating the provided policies and systematically ensuring that the system allows all and only expected flows, is introduced.
Hybrid Static-Runtime Information Flow and Declassification Enforcement
This paper introduces a hybrid static-runtime enforcement mechanism that works on unannotated program code and supports information-flow control, as well as declassification policies, and implements its runtime enforcer.
Efficient Runtime Policy Enforcement Using Counterexample-Guided Abstraction Refinement
A novel analysis, building on abstraction-refinement techniques, derives a set of runtime policy checks sufficient to enforce a given policy, as well as their placement in the code.
HLIO: mixing static and dynamic typing for information-flow control in Haskell
This paper presents the design and implementation of the approach, HLIO (Hybrid LIO), as an embedding in Haskell that uses a novel technique for deferring IFC checks based on singleton types and constraint polymorphism and offers a methodology for programmer-controlled hybrid type checking in Haskell.
Information flow control for standard OS abstractions
Flume is presented, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors), designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes.
Gradual Security Typing with References
ML-GS is proposed, a monomorphic ML core language with references and higher-order functions that implements gradual typing for IFC that enables non-trivial casts on reference types so that a reference can be safely used everywhere in a program regardless of whether it was created in a dynamically or statically checked part of the program.
EON: modeling and analyzing dynamic access control systems with logic programs
EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems, is presented and it is shown that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog.
Static Analysis for Efficient Hybrid Information-Flow Control
This work shows two ways in which static analyses can make hybrid information-flow monitors more efficient, and derives sufficient conditions for soundly incorporating a wide range of memory abstractions into information-flow monitors.