Balancing Isolation and Sharing of Data for Third-Party Extensible App Ecosystems
Florian Schröder, Raphael M. Reischuk, Johannes Gehrke

TL;DR
This paper introduces a secure, privacy-preserving extensibility mechanism for cloud applications, enabling personalization through untrusted components while preventing undesired access and information flow.
Contribution
It presents a novel component abstraction and a SAFE framework-based methodology for secure personalization in cloud application ecosystems.
Findings
Provides a secure extension mechanism for cloud apps
Ensures no undesired information flow between components
Demonstrates secure extension of a social network app
Abstract
In the landscape of application ecosystems, today's cloud users wish to personalize not only their browsers with various extensions or their smartphones with various applications, but also the various extensions and applications themselves. The resulting personalization significantly raises the attractiveness for typical Web 2.0 users, but gives rise to various security risks and privacy concerns, such as unforeseen access to certain critical components, undesired information flow of personal information to untrusted applications, or emerging attack surfaces that were not possible before a personalization has taken place. In this paper, we propose a novel extensibility mechanism which is used for implementing personalization of existing cloud applications towards (possibly untrusted) components in a secure and privacy-friendly manner. Our model provides a clean component abstraction,…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
