Recent regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), guarantee a “right to be forgotten”: that user data must be deleted from software systems if the user desires. Naive approaches to implementing systems are vulnerable to “history privacy” attacks where the data is logically deleted but leaves residual traces in the physical memory that may be read by an attacker. In this project we propose to study history-privacy from a programming language (PL) design and implementation standpoint by modeling history privacy attacks as a failure of compilers to preserve reasoning about deletion operations in a high-level programming language.
Funding: $30K (2022)
Goal: Develop a programming language model that supports data deletion so that correct implementations provide history-privacy guarantees.
Token Investors: Max New, Paul Grubbs
Project ID: 1029