Campus Event Calendar

Event Entry

What and Who

Comprehensive and Practical Policy Compliance in Data Retrieval Systems

Eslam Elnikety
MMCI
SWS Student Defense Talks - Thesis Defense
SWS  
Public Audience
English

Date, Time and Location

Wednesday, 24 June 2020
10:00
60 Minutes
E1 5
029
Saarbrücken

Abstract

Data retrieval systems such as online search engines and online social
networks process many data items coming from different sources, each
subject to its own data use policy. Ensuring compliance with these
policies in a large and fast-evolving system presents a significant
technical challenge since bugs, misconfigurations, or operator errors
can cause (accidental) policy violations. To prevent such violations,
researchers and practitioners develop policy compliance systems.

Existing policy compliance systems, however, are either not
comprehensive or not practical. To be comprehensive, a compliance
system must be able to enforce users' policies regarding their
personal privacy preferences, the service provider's own policies
regarding data use such as auditing and personalization, and
regulatory policies such as data retention and censorship. To be
practical, a compliance system needs to meet stringent requirements:
(1) runtime overhead must be low; (2) existing applications must run
with few modifications; and (3) bugs, misconfigurations, or actions
by unprivileged operators must not cause policy violations.

In this thesis, we present the design and implementation of two
comprehensive and practical compliance systems: Thoth and Shai. Thoth
relies on pure runtime monitoring: it tracks data flows by intercepting
processes' I/O, and then it checks the associated policies to allow
only policy-compliant flows at runtime. Shai, on the other hand,
combines offline analysis and light-weight runtime monitoring: it
pushes as many policy checks as possible to an offline (flow) analysis
by predicting the policies that data-handling processes will be
subject to at runtime, and then it compiles those policies into a set
of fine-grained I/O capabilities that can be enforced directly by the
underlying operating system.

Video Broadcast

Yes
Saarbrücken
E1 5
SWS Space 2 (6312)

Maria-Louise Albrecht, 06/10/2020 13:21 -- Created document.