Privacy Preserving Collaboration in Bring-Your-Own-Apps

Sangmin Lee, Deepak Goel, Edmund L. Wong, Asim Kadav, M. Dahlin
Proceedings of the Seventh ACM Symposium on Cloud Computing. Published 2016-10-05. DOI: 10.1145/2987550.2987587 (https://doi.org/10.1145/2987550.2987587)
Citations: 4

Abstract

Enterprise environments limit personal device usage for corporate data within a small set of enterprise provided apps or by using a whitelist of third-party apps. Both these options provide employees with limited app features, and a whitelist can be cumbersome to manage. In this paper we present CleanRoom, a new app platform designed to protect confidentiality in a brave "Bring Your Own Apps" (BYOA) world where employees use their own untrusted third-party apps to create, edit, and share corporate data. CleanRoom's core guarantee is privacy-preserving collaboration: CleanRoom enables employees to work together on shared data while ensuring that the owners of the data---not the app accessing the data---control who can access and collaborate using this data. CleanRoom provides fine-grained data object sandboxes and uses platform level access control to preserve privacy. We show that CleanRoom prevents a faulty or malicious app from leaking any data to unauthorized users or the app's publisher. CleanRoom accommodates a broad range of apps, preserves the confidentiality of the data that these apps access, and incurs low overhead. Furthermore, CleanRoom supports a novel privacy-preserving error reporting through a combination of differential privacy and static program analysis.