CAREER: Privacy-Compliant Web Services By Construction

职业：构建符合隐私的 Web 服务

• 批准号: 2045170
• 负责人: Malte Schwarzkopf
• 金额: $ 58.5万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-15 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2045170&HistoricalAwards=false
• 关键词: CAREER; Privacy; Compliant; Web; Services

Today's web services store and process sensitive personal data without sufficient attention to data privacy. Privacy laws like the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the proposed United States Consumer Data Privacy Act (CDPA) and Consumer Online Privacy Rights Act (CORPA) give users new rights to control their data (e.g., access and erasure on request, rights to object to processing). With today's systems, compliance with these laws requires onerous manual labor, particularly from small and medium-sized organizations. This project investigates new systems that – by construction – comply with these privacy laws. The key idea is to provide a "micro-database" for each user, which stores all their data and which they can choose to withdraw or resubscribe. This design enables new, fundamentally privacy-centric models, such as automatically removing idle users' data while making it easy for the users to return. Realizing compliance-by-construction requires innovation in storage systems and data processing techniques. To succeed, compliant-by-construction systems must match the convenience and performance of today's systems, and the project will contribute systems that efficiently handle millions of per-user micro-databases by advancing the state-of-the-art in scalable computing techniques (e.g., dataflow systems).The proposed research will lead to new, compliant-by-construction equivalents of today's popular web service software. These privacy-first systems will provide off-the-shelf tools that automate and "democratize" good privacy practices for small and medium-size organizations. This has the potential to save considerable expense, prevent costly mistakes, and improve data privacy on the internet. The work will affect academic state-of-the-art through papers, industry practice through technology transfer and open-source software, and the general public through new tools and raised awareness of privacy issues. All software developed in this project will be available as open-source code on the project website (https://cs.brown.edu/people/malte/research/privacy-by-construction.html). Undergraduate and graduate students will be trained in privacy-conscious system design and implementation, and in the implications of new privacy laws for system design, through curriculum integration of the research.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

今天的Web服务存储和处理敏感的个人数据，而没有充分关注数据隐私。欧盟的《通用数据保护条例》（GDPR）、《加州消费者隐私法》（CCPA）以及拟议中的《美国消费者数据隐私法》（CDPA）和《消费者在线隐私权法》（CORPA）等隐私法赋予用户控制其数据的新权利（例如，根据请求访问和擦除，反对处理的权利）。在当今的系统中，遵守这些法律需要繁重的体力劳动，特别是中小型组织。这个项目调查新的系统，通过建设，符合这些隐私法。其核心思想是为每个用户提供一个"微型数据库"，存储他们所有的数据，他们可以选择撤回或重新订阅。这种设计实现了新的、从根本上以隐私为中心的模型，例如自动删除空闲用户的数据，同时使用户更容易返回。通过建设实现合规，需要在存储系统和数据处理技术方面进行创新。为了取得成功，符合建设的系统必须匹配当今系统的便利性和性能，该项目将通过推进可扩展计算技术的最新技术（例如，拟议的研究将导致新的，符合建设相当于今天流行的web服务软件。这些隐私优先系统将提供现成的工具，使中小型组织的良好隐私做法自动化和“民主化”。这有可能节省大量费用，防止代价高昂的错误，并改善互联网上的数据隐私。这项工作将通过论文影响最先进的学术水平，通过技术转让和开源软件影响行业实践，并通过新工具和提高对隐私问题的认识影响公众。该项目开发的所有软件都将作为开源代码在项目网站上提供（https：//cs.brown.edu/people/malte/research/privacy-by-construction.html）。本科生和研究生将通过研究课程的整合，在隐私意识的系统设计和实施，以及新的隐私法对系统设计的影响方面进行培训。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Unleashing True Utility Computing with Quicksand

• DOI: 10.1145/3593856.3595893
• 发表时间: 2023-06
• 期刊: Proceedings of the 19th Workshop on Hot Topics in Operating Systems
• 作者: Zhenyuan Ruan;Shihang Li;Kaiyan Fan;M. Aguilera;A. Belay;S. Park;Malte Schwarzkopf

Retrofitting GDPR compliance onto legacy databases

将 GDPR 合规性改造到旧数据库

• DOI: 10.14778/3503585.3503603
• 发表时间: 2021
• 期刊: Proceedings of the VLDB Endowment
• 影响因子: 2.5
• 作者: Agarwal, Archita;George, Marilyn;Jeyaraj, Aaron;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Edna: Disguising and Revealing User Data in Web Applications

Edna：在 Web 应用程序中伪装和泄露用户数据

• DOI: 10.1145/3600006.3613146
• 发表时间: 2023
• 期刊: ACM
• 作者: Tsai, Lillian;Gross, Hannah;Kohler, Eddie;Kaashoek, Frans;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Privacy Heroes Need Data Disguises

隐私英雄需要数据伪装

• DOI: 10.1145/3458336.3465284
• 发表时间: 2021
• 期刊: Proceedings of the 18th ACM SIGOPS Workshop on Hot Topics in Operating Systems
• 作者: Tsai, Lillian;Schwarzkopf, Malte;Kohler, Eddie
• 通讯作者: Kohler, Eddie

K9db: Privacy-Compliant Storage For Web Applications By Construction

K9db：通过构建实现 Web 应用程序的隐私兼容存储

• 发表时间: 2023
• 期刊: Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI
• 作者: Albab, Kinan Dak;Sharma, Ishan;Adam, Justus;Kilimnik, Benjamin;Jeyaraj, Aaron;Paul, Raj;Agvanian, Artem;Spiegelberg, Leonhard;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte