Privacy is an important aspect of the internet today. Providing privacy protection, however, is a difficult problem, especially when you work with many data processes and systems. To solve this problem holistically, privacy needs to be a built-in feature, not an afterthought. I will talk about how to solve this problem with the idea of contexts and capabilities.
Privacy is an important aspect of the internet today. When you need to use a particular service, you often need to hand over some personal information. The service provider typically offers some protection for the use of your personal information, based on its privacy policy.
From the service provider's perspective, this is not a simple task. Suppose that you have collected your users' email addresses and made the promise that you do not share them with any third-party vendor. In a large company, there could be many systems and processes that make use of email addresses. How do you ensure that none of your code leaks this information to any third-party vendor?
The problem can be solved with contexts and capabilities. Contexts are environmental information that tracks the purpose of your code. Capabilities represent the set of purposes that your code may be used for. As an example, bar() is a function that writes sensitive information, such as an email address, to a user database, and it has the capability "user-management". Then, when a function foo() calls bar(), the call is allowed as long as foo()'s stated capabilities also include "user-management".
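The mechanics described above, as an added Python example (not the talk's prototype): each function declares the capabilities it may be used for, a call is allowed only when the caller's declared set covers the callee's, and the context narrows to the callee's own set while it runs. The decorator, `run_with()` entry point, `USER_DB`, `send_to_vendor()` and `leak()` are constructed for this illustration.

```python
import contextvars

# Capabilities of the code currently running. Empty at top level, so an entry
# point must grant a set explicitly via run_with() before any checked call.
_CURRENT = contextvars.ContextVar("capabilities", default=frozenset())

def capabilities(*caps):
    """Declare what a function may be used for: callable only from code whose
    set covers every listed capability, and narrowed to that set while it runs."""
    required = frozenset(caps)

    def decorator(fn):
        def wrapper(*args, **kwargs):
            missing = required - _CURRENT.get()
            if missing:
                raise PermissionError(f"{fn.__name__} needs {sorted(missing)}")
            token = _CURRENT.set(required)
            try:
                return fn(*args, **kwargs)
            finally:
                _CURRENT.reset(token)
        return wrapper
    return decorator

def run_with(caps, fn, *args):  # entry point: grant a set, then call fn under it
    token = _CURRENT.set(frozenset(caps))
    try:
        return fn(*args)
    finally:
        _CURRENT.reset(token)

USER_DB = []  # constructed stand-in for the user database

@capabilities("third-party-export")
def send_to_vendor(email):
    return f"sent {email}"  # stand-in for a call to a vendor API

@capabilities("user-management")
def bar(email):  # writes sensitive data, as in the talk's example
    USER_DB.append(email)
    return len(USER_DB)

@capabilities("user-management", "logging")
def foo(email):
    return bar(email)  # allowed: foo's set includes bar's

@capabilities("user-management")
def leak(email):
    return send_to_vendor(email)  # rejected: this code lacks third-party-export
```

Because the context narrows on every call, a function such as bar() that holds only "user-management" cannot reach a vendor export even if a caller higher up the stack held that capability.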
This talk will cover more about the whys and the general mechanics of contexts and capabilities. I will also present a prototype that provides some basic functionality for tracking contexts, defining capabilities and validating capabilities at runtime.
Contexts are also known as coeffects. You can find more information about the theory of context-aware programming languages at http://tomasp.net/coeffects/.
More information about contexts and capabilities can be found in the Hack language's documentation: https://docs.hhvm.com/hack/contexts-and-capabilities/introduction.