Programming Language Support for History-Privacy


Recent regulations such as the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) guarantee a "right to be forgotten": user data must be deleted from software systems if the user desires. Naive implementations of such systems are vulnerable to "history privacy" attacks, in which the data is logically deleted but leaves residual traces in physical memory that an attacker may read. In this project we propose to study history privacy from a programming language (PL) design and implementation standpoint, modeling history privacy attacks as a failure of compilers to preserve reasoning about deletion operations in a high-level programming language.
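The compiler behaviour the abstract refers to can be seen in a few lines of C. The following is an added example, not code from the project: a plain memset over a buffer that is never read again is a dead store that an optimizing compiler is entitled to remove, so the logical "delete" leaves the secret in memory; routing the call through a volatile function pointer (the same fallback used by several crypto libraries where explicit_bzero or memset_s is unavailable) keeps the store alive. The secret value, the buffer sizes and the function names are constructed for illustration.

```c
/* Added example (not part of the project): residue left by a naive erase and
 * one portable way to force the erase to happen. Assumes a hosted C11
 * environment only; no project-specific APIs are used. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Naive deletion. If the buffer is not read after this call, the memset is a
 * dead store: removing it does not change the program's observable behaviour,
 * so an optimizing compiler may drop it and the secret stays in memory. */
void naive_erase(uint8_t *buf, size_t n) {
    memset(buf, 0, n);
}

/* Calling memset through a volatile function pointer hides the callee from the
 * optimizer, so the store cannot be proven dead and survives optimization. */
static void *(*volatile memset_volatile)(void *, int, size_t) = memset;

void secure_erase(uint8_t *buf, size_t n) {
    memset_volatile(buf, 0, n);
}

/* Count the bytes that still differ from zero: the residue an attacker with
 * access to the memory could recover after a "delete". */
size_t residue_bytes(const uint8_t *buf, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        count += (buf[i] != 0);
    }
    return count;
}

/* Simulated workflow: load a constructed secret into a heap buffer, erase it
 * with the given routine, and measure the residue before freeing (reading the
 * memory after free would be undefined behaviour). Returns the residue count.
 * Note that the measurement itself reads the buffer, which keeps even the
 * naive memset alive here; in real code that read is absent, and that is
 * exactly when the dead-store elimination described above applies. */
size_t residue_after(void (*erase)(uint8_t *, size_t)) {
    static const char secret[] = "constructed-sample-api-key-0123456789";
    size_t n = sizeof secret;
    uint8_t *buf = malloc(n);
    if (buf == NULL) {
        return (size_t)-1;
    }
    memcpy(buf, secret, n);
    /* ... the secret would be used here ... */
    erase(buf, n);
    size_t left = residue_bytes(buf, n);
    free(buf);
    return left;
}

int main(void) {
    printf("residue after secure_erase: %zu bytes\n", residue_after(secure_erase));
    printf("residue after naive_erase (buffer read afterwards): %zu bytes\n",
           residue_after(naive_erase));
    return 0;
}
```

The point for a language design is that `naive_erase` and `secure_erase` are indistinguishable under the source language's semantics, yet only one of them gives a history-privacy guarantee after compilation; a model that makes deletion a first-class operation would let the compiler preserve it rather than treat it as a removable store.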

People

Max New, CSE Engineering
Paul Grubbs, CSE Engineering


Funding

Funding: $30K (2022)
Goal: Develop a programming language model that supports data deletion so that correct implementations provide history-privacy guarantees.
Token Investors: Max New, Paul Grubbs


Project ID: 1029