User-Controlled Privacy: Taint, Track, and Control
OPEN ACCESS
Date
2024
Publication Type
Conference Paper
ETH Bibliography
yes
Abstract
We develop the first language-based, Privacy by Design approach that provides support for a rich class of privacy policies. The policies are user-defined, rather than programmer-defined, and support fine-grained information flow restrictions (considering individual application inputs and outputs) with temporal constraints. Our approach, called Taint, Track, and Control (TTC), combines dynamic information-flow control and runtime verification to enforce these policies in the presence of malicious users and developers. We provide TTC's semantics and proofs of its correct enforcement, formalized in the Isabelle/HOL proof assistant. We also implement our approach in a web development framework and port three baseline applications from previous work into this framework for evaluation. Overall, our approach enforces expressive user-defined privacy policies with practical runtime performance.
Publication status
published
Volume
2024 (1)
Pages / Article No.
597 - 616
Publisher
Privacy Enhancing Technologies Symposium Advisory Board
Event
24th Privacy Enhancing Technologies Symposium (PETS 2024)
Subject
privacy by default; information-flow control; web development; temporal logic
Organisational unit
03634 - Basin, David / Basin, David
Funding
204796 - Model-driven Security & Privacy (SNF)