Enforcing User Privacy in Web Applications using Erlang

Social networking applications on the web handle the personal data of a large number of concurrently active users. These applications must comply with complex privacy requirements, while achieving scalability and high performance. Applying constraints to the flow of data through such applications to enforce privacy policy is challenging because individual components process data belonging to many different users.

We introduce a practical approach for uniformly enforcing privacy requirements in such applications using the actor-based Erlang programming language. To isolate the personal data of users, we exploit Erlang’s inexpensive process model and use Erlang’s message passing mechanism to add policy checks. We illustrate this approach by describing the architecture of a privacy-preserving message dispatcher in a micro-blogging service. Our performance evaluation of a prototype implementation shows that this approach can enforce fine-grained privacy guarantees with a low performance overhead.

Web 2.0 Security and Privacy (W2SP)