[Max-Planck-Gesellschaft] [MPI-SWS]

Compliant Systems


Today's data processing systems are expected to comply with many data usage policies, including the provider's privacy policy, customer requirements, contractual obligations, and legal requirements in different jurisdictions. Ensuring compliance with all applicable policies is a major challenge for providers, considering the inevitable bugs and misconfigurations in a vast and evolving application codebase, as well as errors and missteps by individual employees in a large organization.

In this project, we seek to enable compliant data processing systems, where

Towards this end, we have developed a set of complementary techniques to ensure compliance at different layers:

Guardat: Policy compliance at the storage layer

Guardat enforces rich data access policies at the storage layer. Users, developers and administrators specify file protection policies declaratively, concisely and separately from application code, and Guardat enforces these policies by mediating I/O in the storage layer. Compliance relies only on the integrity of the Guardat reference monitor and any external policy dependencies, not on the correctness of the application.
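The following is an added illustration of the idea in the paragraph above (a reference monitor in the storage layer that enforces declaratively attached file policies, so a buggy or compromised application cannot bypass them); it is not Guardat's code. The policy fields (`readers`, `writers`, `append_only`), the in-memory store, the paths and the principals are constructed for this example.

```python
"""Added illustration of storage-layer policy enforcement in the style the
Guardat paragraph describes. Not Guardat's code: the policy fields, the
in-memory store, the paths and the principals are constructed for this example."""
from dataclasses import dataclass


class Denied(PermissionError):
    """Raised by the monitor for any I/O the attached policy does not allow."""


@dataclass(frozen=True)
class FilePolicy:
    readers: frozenset          # principals allowed to read the file
    writers: frozenset          # principals allowed to write the file
    append_only: bool = False   # new content must extend the existing content


class StorageMonitor:
    """Reference monitor mediating every read and write of the store.

    The application never touches the store directly, so compliance depends
    only on this class and the policies attached to each path, not on the
    correctness of application code."""

    def __init__(self):
        self._data = {}       # path -> bytes
        self._policy = {}     # path -> FilePolicy

    def attach(self, path, policy):
        self._policy[path] = policy

    def _lookup(self, path):
        policy = self._policy.get(path)
        if policy is None:                       # default deny: no policy, no access
            raise Denied(f"{path}: no policy attached")
        return policy

    def read(self, principal, path):
        policy = self._lookup(path)
        if principal not in policy.readers:
            raise Denied(f"{path}: {principal} may not read")
        return self._data.get(path, b"")

    def write(self, principal, path, data):
        policy = self._lookup(path)
        if principal not in policy.writers:
            raise Denied(f"{path}: {principal} may not write")
        old = self._data.get(path, b"")
        if policy.append_only and not data.startswith(old):
            raise Denied(f"{path}: append-only, rewriting existing content refused")
        self._data[path] = data


def run_storage_demo():
    """Constructed scenario: an append-only audit log and a private key file."""
    mon = StorageMonitor()
    mon.attach("/var/log/audit", FilePolicy(readers=frozenset({"auditor", "app"}),
                                            writers=frozenset({"app"}), append_only=True))
    mon.attach("/etc/tls/key.pem", FilePolicy(readers=frozenset({"tls-server"}),
                                              writers=frozenset({"admin"})))
    results = {}
    mon.write("app", "/var/log/audit", b"login alice\n")
    mon.write("app", "/var/log/audit", b"login alice\nlogout alice\n")   # extends old content
    results["append"] = mon.read("auditor", "/var/log/audit")
    checks = {   # name -> (operation, expected to be stopped by the monitor)
        "truncate": lambda: mon.write("app", "/var/log/audit", b""),   # buggy app truncating its log
        "key_read": lambda: mon.read("app", "/etc/tls/key.pem"),       # app reading the TLS key
        "no_policy": lambda: mon.read("app", "/tmp/unlabelled"),       # path with no policy at all
    }
    for name, op in checks.items():
        try:
            op()
            results[name] = "allowed"
        except Denied:
            results[name] = "denied"
    return results
```

The point of the append-only check is that it is evaluated on the stored state, not on what the application claims: a truncation is refused even when issued by the log's legitimate writer.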

Thoth: Compliant data retrieval systems

Thoth provides an efficient, kernel-level compliance layer for distributed data retrieval systems. Declarative policies are attached to the systems’ input and output files, key-value tuples, and network connections, and specify the data’s integrity and confidentiality requirements. Thoth tracks the flow of data through the system and enforces policy at process boundaries.
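As an added illustration of the flow tracking described above, not Thoth's code: every input item carries a confidentiality policy (here a reader set, with `PUBLIC` meaning unrestricted), a process's label is the combination of everything it has read, and the policy is checked only when data leaves the process on a connection. The label representation, the `Process` class and the document store are constructed for this example.

```python
"""Added illustration of process-level data flow tracking with policy
enforcement at output boundaries, in the spirit of the Thoth paragraph.
Not Thoth's code; labels, process model and scenario are constructed."""

PUBLIC = None   # label meaning "no confidentiality restriction"


def meet(a, b):
    """Combine two reader sets: data derived from both may be seen only by
    principals permitted by both."""
    if a is PUBLIC:
        return b
    if b is PUBLIC:
        return a
    return a & b


def allows(label, principal):
    return label is PUBLIC or principal in label


class FlowViolation(PermissionError):
    pass


class Process:
    """Coarse-grained tracking: the whole process is labelled by what it read,
    so no per-variable instrumentation of the application is needed."""

    def __init__(self, name):
        self.name = name
        self.label = PUBLIC

    def read(self, item_label, payload):
        self.label = meet(self.label, item_label)   # label only becomes more restrictive
        return payload

    def send(self, conn_principal, payload):
        # Enforcement at the process boundary: the principal behind the
        # connection must be permitted by everything that flowed into the process.
        if not allows(self.label, conn_principal):
            raise FlowViolation(f"{self.name}: output to {conn_principal} would leak data")
        return (conn_principal, payload)


def run_flow_demo():
    docs = {   # constructed store: item -> (reader set, contents)
        "notes.txt": (frozenset({"alice"}), "private notes"),
        "readme.txt": (PUBLIC, "public readme"),
    }
    out = {}
    idx = Process("indexer")
    text = " ".join(idx.read(*docs[n]) for n in ("notes.txt", "readme.txt"))
    out["label"] = idx.label                    # {"alice"}: restricted by notes.txt
    out["to_alice"] = idx.send("alice", text)[0]
    try:
        idx.send("bob", text)
        out["to_bob"] = "allowed"
    except FlowViolation:
        out["to_bob"] = "denied"
    public_only = Process("public-indexer")     # a process that read only public data
    public_only.read(*docs["readme.txt"])
    out["public_to_bob"] = public_only.send("bob", "public readme")[0]
    return out
```

Because tracking is at process granularity, the indexer is barred from answering bob even for a result that happens to contain only public text; that conservatism is the price of not trusting, or instrumenting, the application's own data handling.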

Qapla: Policy compliant database queries

Database queries are often subject to complex column- and row-level access control, and whether a query is permissible depends on query operators such as aggregation, group by, and join. Qapla enforces policy-compliant queries without relying on application code and independently of the underlying DBMS. Qapla intercepts application queries in the database adapter and rewrites them according to the applicable policies.
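The following is an added example of policy-driven query rewriting in a database adapter, written to illustrate the paragraph above; it is not Qapla's code and does not reproduce Qapla's policy language. It assumes a constructed `POLICIES` table of SQL row and column conditions bound to session values `:uid` and `:role`, substitutes each policy-bearing table in `FROM`/`JOIN` with a derived relation that filters rows and masks columns to NULL, and uses a regex for the substitution where a real rewriter would parse the SQL. The `employees` data is constructed.

```python
"""Added illustration of policy-driven query rewriting in a database adapter,
in the spirit of the Qapla paragraph. Not Qapla's code: the policy format,
the regex-based table substitution and the sample data are constructed."""
import re
import sqlite3

# Constructed policies. Row and column conditions are SQL fragments evaluated
# by the database; :uid and :role are bound from the session, never from the query.
POLICIES = {
    "employees": {
        "rows": "dept = (SELECT dept FROM employees WHERE id = :uid) OR :role = 'hr'",
        "columns": {"salary": "id = :uid OR :role = 'hr'"},
    },
}


def compliant_relation(conn, table, policy):
    """Derived table exposing only policy-permitted rows, with non-permitted
    column values masked to NULL, under the original name so the application's
    own operators (joins, GROUP BY, aggregates) apply unchanged on top of it."""
    cols = [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]
    exprs = []
    for c in cols:
        cond = policy["columns"].get(c)
        exprs.append(f"CASE WHEN {cond} THEN {c} ELSE NULL END AS {c}" if cond else c)
    return f"(SELECT {', '.join(exprs)} FROM {table} WHERE {policy['rows']}) AS {table}"


def rewrite(conn, sql):
    """Replace each policy-bearing table after FROM/JOIN with its compliant relation.
    re.sub does not rescan replacements, so the raw table inside the derived
    relation and inside policy fragments is left untouched."""
    def repl(m):
        keyword, table = m.group(1), m.group(2)
        policy = POLICIES.get(table.lower())
        if policy is None:
            return m.group(0)
        return f"{keyword} {compliant_relation(conn, table, policy)}"
    return re.sub(r"\b(FROM|JOIN)\s+(\w+)", repl, sql, flags=re.IGNORECASE)


class CompliantAdapter:
    """Sits where the application's DB adapter would; application code and
    the DBMS are both unaware of the policies."""

    def __init__(self, conn, uid, role):
        self.conn, self.session = conn, {"uid": uid, "role": role}

    def query(self, sql):
        return self.conn.execute(rewrite(self.conn, sql), self.session).fetchall()


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", [
        (1, "alice", "eng", 100), (2, "bob", "eng", 90),
        (3, "carol", "sales", 80), (4, "dana", "hr", 70)])
    return conn


def run_query_demo():
    conn = build_db()
    alice = CompliantAdapter(conn, uid=1, role="staff")
    hr = CompliantAdapter(conn, uid=4, role="hr")
    return {
        # alice sees only her own department and only her own salary
        "alice_rows": alice.query("SELECT name, salary FROM employees ORDER BY id"),
        # aggregation runs over the rewritten relation; masked NULLs drop out of SUM
        "alice_sum": alice.query("SELECT COUNT(*), SUM(salary) FROM employees")[0],
        # HR sees every row and every salary, so GROUP BY yields full totals
        "hr_by_dept": hr.query("SELECT dept, SUM(salary) FROM employees GROUP BY dept ORDER BY dept"),
    }
```

Rewriting the table reference rather than the query's result list is what keeps the approach independent of the operators the application uses: a GROUP BY, a JOIN or a nested aggregate all consume the already-filtered relation, so the DBMS never evaluates the unrestricted table on the application's behalf.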

This project is supported by the German Science Foundation (DFG CRC 1223), the European Research Council (imPACT Synergy project), and a Google Faculty Research Award.