Jelf : a web framework for automatic privacy policy enforcement
Author(s)
Hance, Travis J
Alternative title
Web framework for automatic privacy policy enforcement
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Armando Solar-Lezama.
Abstract
As people share more personal data on the web, it is increasingly important to correctly enforce policies on sensitive data. To address this problem, we have developed Jelf, a web framework that allows the programmer to separate the implementation of information flow policies from the rest of the functionality. The framework builds on previous work on the Jeeves programming language [28, 7] for automatically enforcing privacy policies. Our approach is novel in that it provides end-to-end guarantees by mediating interactions between the front-end, application, and database layers. The programmer only needs to specify information flow policies once for automatic enforcement across the web framework. To build Jelf, we have integrated Jeeves with Python and extended the Django web framework. Jelf consists of a Django template layer, a Python Jeeves application layer, and a Jeeves-compatible database layer. Our Python integration does not require changing the Python interpreter: we have implemented our solution as a dynamic source transformation and a runtime library. The programmer may use Jelf with Python 2.7 and a standard SQL database. We have used Jelf to implement a conference management system. We describe the implementation and performance of this conference management system, as well as our experience using and running Jelf. Jelf policies comprise less than 3% of the code base and are concentrated in one place. We have deployed this system to collect submissions and reviews for an actual workshop.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014. Thesis: S.B., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014. Cataloged from PDF version of thesis. Includes bibliographical references (pages 55-57).
Date issued
2014
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.