CAREER: Privacy-Compliant Web Services By Construction

职业：构建符合隐私的 Web 服务

• 批准号: 2045170
• 负责人: Malte Schwarzkopf
• 金额: $ 58.5万
• 依托单位: Brown University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-15 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2045170&HistoricalAwards=false
• 关键词: CAREER; Privacy; Compliant; Web; Services

Today's web services store and process sensitive personal data without sufficient attention to data privacy. Privacy laws like the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the proposed United States Consumer Data Privacy Act (CDPA) and Consumer Online Privacy Rights Act (CORPA) give users new rights to control their data (e.g., access and erasure on request, rights to object to processing). With today's systems, compliance with these laws requires onerous manual labor, particularly from small and medium-sized organizations. This project investigates new systems that – by construction – comply with these privacy laws. The key idea is to provide a "micro-database" for each user, which stores all their data and which they can choose to withdraw or resubscribe. This design enables new, fundamentally privacy-centric models, such as automatically removing idle users' data while making it easy for the users to return. Realizing compliance-by-construction requires innovation in storage systems and data processing techniques. To succeed, compliant-by-construction systems must match the convenience and performance of today's systems, and the project will contribute systems that efficiently handle millions of per-user micro-databases by advancing the state-of-the-art in scalable computing techniques (e.g., dataflow systems).The proposed research will lead to new, compliant-by-construction equivalents of today's popular web service software. These privacy-first systems will provide off-the-shelf tools that automate and "democratize" good privacy practices for small and medium-size organizations. This has the potential to save considerable expense, prevent costly mistakes, and improve data privacy on the internet. The work will affect academic state-of-the-art through papers, industry practice through technology transfer and open-source software, and the general public through new tools and raised awareness of privacy issues. All software developed in this project will be available as open-source code on the project website (https://cs.brown.edu/people/malte/research/privacy-by-construction.html). Undergraduate and graduate students will be trained in privacy-conscious system design and implementation, and in the implications of new privacy laws for system design, through curriculum integration of the research.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当今的Web服务商店和处理敏感的个人数据，没有足够关注数据隐私。诸如欧盟一般数据保护法规（GDPR），《加州消费者隐私法》（CCPA）以及拟议的美国消费者数据隐私法（CDPA）（CDPA）和消费者在线隐私权法（CORPA）等隐私法律允许控制其数据的新权利（例如，访问和擦除对处理的访问和擦除权利）。借助当今的系统，遵守这些法律需要繁重的体力劳动，尤其是中小型组织。该项目调查了新系统，这些系统（通过施工）遵守这些隐私法。关键想法是为每个用户提供一个“微数据库”，该用户存储所有数据，并可以选择撤回或重新订阅。该设计使新的以隐私为中心的模型可以自动删除空闲用户的数据，同时使用户易于返回。实现合规性需要在存储系统和数据处理技术中进行创新。为了取得成功，兼容的系统必须与当今系统的便利性和性能相匹配，并且该项目将通过推进可扩展的计算技术（例如，数据流系统）的最先进的技术来有效地处理数百万个每个用户的微型数据库。提议的研究将导致新的，符合新的，符合新的构造构造的网络服务的软件。这些隐私优先系统将提供现成的工具，以使中小型组织自动化和“民主化”良好的隐私惯例。这有可能节省大量费用，防止昂贵的错误并改善互联网上的数据隐私。这项工作将通过论文，通过技术传输和开源软件以及通用公众通过新工具来影响学术最先进的工作，并提高了对隐私问题的认识。该项目中开发的所有软件将在项目网站（https://cs.brown.edu/people/malte/malte/research/privacy-by-construction.html）上作为开源代码提供。本科生和研究生将接受隐私意识的系统设计和实施的培训，以及通过研究的课程整合的新隐私定律对系统设计的含义。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛影响的评估审查审查的审查标准来通过评估来获得的支持。

项目成果

Unleashing True Utility Computing with Quicksand

• DOI: 10.1145/3593856.3595893
• 发表时间: 2023-06
• 期刊: Proceedings of the 19th Workshop on Hot Topics in Operating Systems
• 作者: Zhenyuan Ruan;Shihang Li;Kaiyan Fan;M. Aguilera;A. Belay;S. Park;Malte Schwarzkopf

Retrofitting GDPR compliance onto legacy databases

将 GDPR 合规性改造到旧数据库

• DOI: 10.14778/3503585.3503603
• 发表时间: 2021
• 期刊: Proceedings of the VLDB Endowment
• 影响因子: 2.5
• 作者: Agarwal, Archita;George, Marilyn;Jeyaraj, Aaron;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Edna: Disguising and Revealing User Data in Web Applications

Edna：在 Web 应用程序中伪装和泄露用户数据

• DOI: 10.1145/3600006.3613146
• 发表时间: 2023
• 期刊: ACM
• 作者: Tsai, Lillian;Gross, Hannah;Kohler, Eddie;Kaashoek, Frans;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte

Privacy Heroes Need Data Disguises

隐私英雄需要数据伪装

• DOI: 10.1145/3458336.3465284
• 发表时间: 2021
• 期刊: Proceedings of the 18th ACM SIGOPS Workshop on Hot Topics in Operating Systems
• 作者: Tsai, Lillian;Schwarzkopf, Malte;Kohler, Eddie
• 通讯作者: Kohler, Eddie

K9db: Privacy-Compliant Storage For Web Applications By Construction

K9db：通过构建实现 Web 应用程序的隐私兼容存储

• 发表时间: 2023
• 期刊: Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI
• 作者: Albab, Kinan Dak;Sharma, Ishan;Adam, Justus;Kilimnik, Benjamin;Jeyaraj, Aaron;Paul, Raj;Agvanian, Artem;Spiegelberg, Leonhard;Schwarzkopf, Malte
• 通讯作者: Schwarzkopf, Malte