Jean Yang's Jeeves

Name Origin: Just like Wooster's clever valet Reginald Jeeves in Wodehouse's stories, the Jeeves runtime does the hard work, automatically enforcing the policies to show the appropriate output to each viewer.

Meet Jean Yang, who is programming security into everything, even calendars. When programmers create a feature for an app or a website, even something as simple as a calendar, they should code in protections so the personal information that the feature needs to access, such as your location, doesn’t slip out onto the Internet. Needless to say, they sometimes fail, leaving our data to be exploited by hackers. “Just like there are many ways to sink a boat,” says Jean Yang, “there are many ways to leak information.” That’s why Yang created Jeeves, a programming language with privacy baked in. With Jeeves, developers don’t necessarily have to scrub personal information from their features, because Yang’s code essentially does it automatically. “It is a double hull for information leaks,” Yang says.

Information Flow vs. Access Control: Jeeves enforces information flow and not access control. When you only have access control, you're trusting the programmer to tell you correctly at one point where a piece of data is going. Even if a sensitive location value is used in a bunch of search queries, the result of which is shared as a status (that becomes visible to many people with different levels of access), the programmer is responsible for asking for the right level of access when accessing that location. With the complex policies we're starting to see in modern applications, managing this is becoming increasingly burdensome for developers. That's why we're looking at how to automatically handle information flow: the system tracks how sensitive values are used in order to make sure the values--and resulting computations--are flowing only to those with appropriate permissions.
While it's relatively simple to hook access control into existing programming models, automatically handling information flow requires enhancing the language semantics (especially for conditions and function calls) to track additional information.
I of II: A programming language which automates privacy
II of II: Jean Yang created a programming language with privacy baked in
In Jeeves, policies are associated with labels and are functions that take an output channel as the argument and return a predicate saying whether the output channel can allow the given label to be high. For instance, the policy restrict a: λ oc.isFriends(oc, alice) associates with label a the policy that the output channel needs to be friends with user alice in order to see the high-confidentiality facets associated with the label. The Jeeves runtime uses the policies to determine the label values. Policies can depend on sensitive values, potentially causing mutual dependencies between labels.
The Jeeves runtime performs faceted execution to simultaneously execute on the multiple values, producing faceted results from operations on faceted values while performing the bookkeeping on the labels. For instance, evaluation of the expression <a ? 42 : 0> = 42 yields the faceted expression <a ? true : false>. The runtime can handle implicit flows, leakage of information through conditionals on sensitive values; the runtime evaluates conditionals on sensitive values by evaluating both branches and producing a faceted result. When the program interacts with the outside world, it needs to produce a concrete value. Effectful computations such as print now require an additional output channel argument. The Jeeves runtime uses the output channel argument to produce a system of constraints from the policies in order to assign values to the labels. The runtime can then project out the appropriate result for the output channel.
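The faceted evaluation and per-viewer projection described above, as an added Python sketch that is not Jeeves code and not part of the original page. The names `Facet`, `lift`, `jif`, `concretize` and `is_friends` and the friends data are hypothetical, and policies here depend only on the output channel, so the constraint solving needed for mutually dependent labels is left out.

```python
# Added illustration: a toy model of faceted execution, not the Jeeves runtime.
from dataclasses import dataclass
from typing import Any, Callable, Dict


@dataclass(frozen=True)
class Facet:
    """<label ? high : low>: high is the confidential view, low the public one."""
    label: str
    high: Any
    low: Any


def lift(op: Callable[..., Any], *args: Any) -> Any:
    """Apply op to possibly faceted arguments, splitting on each facet found."""
    for i, arg in enumerate(args):
        if isinstance(arg, Facet):
            hi = lift(op, *args[:i], arg.high, *args[i + 1:])
            lo = lift(op, *args[:i], arg.low, *args[i + 1:])
            return Facet(arg.label, hi, lo)
    return op(*args)


def jif(cond: Any, then_fn: Callable[[], Any], else_fn: Callable[[], Any]) -> Any:
    """Conditional on a sensitive value: evaluate both branches, keep the facet."""
    if isinstance(cond, Facet):
        return Facet(cond.label, jif(cond.high, then_fn, else_fn),
                     jif(cond.low, then_fn, else_fn))
    return then_fn() if cond else else_fn()


def concretize(value: Any, oc: str, policies: Dict[str, Callable[[str], bool]]) -> Any:
    """Project the result for output channel oc; a label is high only if its policy allows."""
    while isinstance(value, Facet):
        value = value.high if policies[value.label](oc) else value.low
    return value


FRIENDS = {("bob", "alice")}  # constructed sample data: bob is friends with alice


def is_friends(oc: str, user: str) -> bool:
    return oc == user or (oc, user) in FRIENDS


policies = {"a": lambda oc: is_friends(oc, "alice")}  # restrict a: λ oc.isFriends(oc, alice)
location = Facet("a", 42, 0)                          # <a ? 42 : 0>
is_42 = lift(lambda x, y: x == y, location, 42)       # <a ? True : False>
status = jif(is_42, lambda: "at 42", lambda: "elsewhere")  # implicit flow stays faceted
```

Calling `concretize(status, viewer, policies)` is the step that stands in for an effectful operation such as print receiving its output channel argument.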