Project B2

Programming Principles and
Abstractions for Privacy

Principal Investigators

Deepak Garg

E1 5 412
66123 Saarbrücken

+49 681 9303 9201
+49 681 9303 9199
dg(Replace this parenthesis with the @ sign)mpi-sws.org


Christian Hammer

August-Bebel-Str. 89
14482 Potsdam

+49 331 977-3041
+49 331 977-3042
hammer(Replace this parenthesis with the @ sign)cs.uni-potsdam.de

PhD Students

Vineet Rajani

E1 5 309
66123 Saarbrücken

+49 681 9303 9213
vrajani(Replace this parenthesis with the @ sign)mpi-sws.org


David Pfaff

E9 1 3.04
66123 Saarbrücken

+49 681 302 71919
david.pfaff(Replace this parenthesis with the @ sign)cispa.saarland

Project Summary

Privacy is generally enforced during application deployment and execution, without any feedback from the app developer on how to constrain or modify an app’s behavior if it violates a site-specific privacy policy. As a remedy, we propose to build programming language abstractions and programming principles that allow an app developer to enforce privacy by design, taking into account the possibility that the app may have to react to privacy constraints during deployment. We will investigate the well-known but little understood privacy-utility trade-off for applications that are written from-scratch in a policy-aware setting. We envision a system where app developers structure their code into modules. Each module provides certain functionality and requires certain permissions: the more permissive the user’s privacy policies, the more functionality can be provided. Static and dynamic analysis techniques will ensure that the policy on each module and the user’s privacy permissions are enforced. The system will support gradual app development, where a developer may make her app privacy compliant one module at a time. We will evaluate our system based on realistic case studies for Web and Android applications.

Role Within the Collaborative Research Center

cdB2

Open Positions

In the context of this project we are looking for two qualified PhD students with a track record in topics relevant to the project. If you are interested please send a letter of intent together with your short CV to the PIs of the project.