ABSTRACT
Privacy is one of the critical aspects of the design of computing systems. Various techniques are used to enforce privacy, such as information flow control, symmetric/asymmetric cryptography, secure computing enclaves, partial homomorphic encryption and differential privacy. These mechanisms should ideally be combined in complex software systems, as they offer different properties and performance trade-offs. Unfortunately, reasoning about the privacy properties of such a combination is still an open research problem.
In this paper, we present our vision of a programming language that incorporates different privacy preservation techniques in a common programming model.
Index Terms
- Language support for multiple privacy enhancing technologies