CAREER: Privacy-Compliant Web Services By Construction

职业：构建符合隐私的 Web 服务

• 批准号: 2045170
• 负责人: Malte Schwarzkopf
• 金额: $ 58.5万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-15 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2045170&HistoricalAwards=false
• 关键词: CAREER; Privacy; Compliant; Web; Services

Today's web services store and process sensitive personal data without sufficient attention to data privacy. Privacy laws like the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the proposed United States Consumer Data Privacy Act (CDPA) and Consumer Online Privacy Rights Act (CORPA) give users new rights to control their data (e.g., access and erasure on request, rights to object to processing). With today's systems, compliance with these laws requires onerous manual labor, particularly from small and medium-sized organizations. This project investigates new systems that – by construction – comply with these privacy laws. The key idea is to provide a "micro-database" for each user, which stores all their data and which they can choose to withdraw or resubscribe. This design enables new, fundamentally privacy-centric models, such as automatically removing idle users' data while making it easy for the users to return. Realizing compliance-by-construction requires innovation in storage systems and data processing techniques. To succeed, compliant-by-construction systems must match the convenience and performance of today's systems, and the project will contribute systems that efficiently handle millions of per-user micro-databases by advancing the state-of-the-art in scalable computing techniques (e.g., dataflow systems).The proposed research will lead to new, compliant-by-construction equivalents of today's popular web service software. These privacy-first systems will provide off-the-shelf tools that automate and "democratize" good privacy practices for small and medium-size organizations. This has the potential to save considerable expense, prevent costly mistakes, and improve data privacy on the internet. The work will affect academic state-of-the-art through papers, industry practice through technology transfer and open-source software, and the general public through new tools and raised awareness of privacy issues. All software developed in this project will be available as open-source code on the project website (https://cs.brown.edu/people/malte/research/privacy-by-construction.html). Undergraduate and graduate students will be trained in privacy-conscious system design and implementation, and in the implications of new privacy laws for system design, through curriculum integration of the research.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当今的网络服务存储和处理敏感的个人数据，而没有充分关注数据隐私法，例如欧盟的《通用数据保护条例》(GDPR)、《加州消费者隐私法》(CCPA) 和拟议的美国消费者数据隐私法 (CDPA)。 ) ) 和消费者在线隐私权法案 (CORPA) 赋予用户控制其数据的新权利（例如，根据请求访问和删除、反对处理的权利）。在当今的系统中，遵守这些法律需要繁重的体力劳动，尤其是来自体力劳动。小而该项目研究了通过构建遵守这些隐私法的新系统，其关键思想是为每个用户提供一个“微型数据库”，其中存储他们的所有数据并可以选择撤回或撤回。这种设计从根本上实现了以隐私为中心的新模式，例如自动删除闲置用户的数据，同时使用户能够轻松返回，这需要存储系统和数据处理技术的创新。符合施工要求的系统必须兼顾便利性和性能当今系统的一部分，该项目将通过推进最先进的可扩展计算技术（例如数据流系统）来贡献有效处理数百万个每个用户微数据库的系统。拟议的研究将带来新的、这些隐私优先的系统将提供现成的工具，为中小型组织实现良好的隐私实践自动化和“民主化”。这项工作将通过论文影响学术前沿，通过技术转让和开源软件影响行业实践，并通过新工具和提高认识来阻止公众。该项目中开发的所有软件都将作为开源代码在项目网站上提供（https://cs.brown.edu/people/malte/research/privacy-by-construction.html）。研究生将接受隐私意识系统设计和该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Unleashing True Utility Computing with Quicksand

• DOI: 10.1145/3593856.3595893
• 发表时间: 2023-06
• 期刊: Proceedings of the 19th Workshop on Hot Topics in Operating Systems
• 作者: Zhenyuan Ruan;Shihang Li;Kaiyan Fan;M. Aguilera;A. Belay;S. Park;Malte Schwarzkopf

Retrofitting GDPR compliance onto legacy databases

将 GDPR 合规性改造到旧数据库

• DOI: 10.14778/3503585.3503603
• 发表时间: 2021
• 期刊: Proceedings of the VLDB Endowment
• 影响因子: 2.5
• 作者: Agarwal, Archita;George, Marilyn;Jeyaraj, Aaron;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Edna: Disguising and Revealing User Data in Web Applications

Edna：在 Web 应用程序中伪装和泄露用户数据

• DOI: 10.1145/3600006.3613146
• 发表时间: 2023
• 期刊: ACM
• 作者: Tsai, Lillian;Gross, Hannah;Kohler, Eddie;Kaashoek, Frans;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Privacy Heroes Need Data Disguises

隐私英雄需要数据伪装

• DOI: 10.1145/3458336.3465284
• 发表时间: 2021
• 期刊: Proceedings of the 18th ACM SIGOPS Workshop on Hot Topics in Operating Systems
• 作者: Tsai, Lillian;Schwarzkopf, Malte;Kohler, Eddie
• 通讯作者: Kohler, Eddie

K9db: Privacy-Compliant Storage For Web Applications By Construction

K9db：通过构建实现 Web 应用程序的隐私兼容存储

• 发表时间: 2023
• 期刊: Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI
• 作者: Albab, Kinan Dak;Sharma, Ishan;Adam, Justus;Kilimnik, Benjamin;Jeyaraj, Aaron;Paul, Raj;Agvanian, Artem;Spiegelberg, Leonhard;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte