Enforcing privacy policies with meta-code
Proceedings of the 6th Asia-Pacific Workshop on Systems, 2015•dl.acm.org
This paper proposes a mechanism for expressing and enforcing security policies for shared
data. Security policies are expressed as stateful meta-code operations; meta-code can
express a broad class of policies, including access-based policies, use-based policies,
obligations, and sticky policies with declassification. The meta-code is interposed in the
filesystem access path to ensure policy compliance. The generality and feasibility of our
approach is demonstrated using a sports analytics prototype system.
data. Security policies are expressed as stateful meta-code operations; meta-code can
express a broad class of policies, including access-based policies, use-based policies,
obligations, and sticky policies with declassification. The meta-code is interposed in the
filesystem access path to ensure policy compliance. The generality and feasibility of our
approach is demonstrated using a sports analytics prototype system.
This paper proposes a mechanism for expressing and enforcing security policies for shared data. Security policies are expressed as stateful meta-code operations; meta-code can express a broad class of policies, including access-based policies, use-based policies, obligations, and sticky policies with declassification. The meta-code is interposed in the filesystem access path to ensure policy compliance. The generality and feasibility of our approach is demonstrated using a sports analytics prototype system.