Harpocrates: Oblivious Privacy in a Statically Typed World
Field | Value |
---|---|
Format | Journal Article |
Language | English |
Published | 09.11.2024 |
Summary: In this paper, we introduce Harpocrates, a compiler plugin and a framework pair for Scala that binds the privacy policies to the data during data creation in the form of oblivious membranes. Harpocrates eliminates raw data for a policy-protected type from the application, ensuring it can only exist in protected form, and centralizes the policy checking at the policy declaration site, making the privacy logic easy to maintain and verify. Instead of approaching privacy from an information flow verification perspective, Harpocrates allows the data to flow freely throughout the application inside the policy membranes, but enforces the policies whenever the data is accessed, mutated, declassified or passed through the application boundary. The centralization of the policies allows the maintainers to change the enforced logic simply by updating a single function while keeping the rest of the application oblivious to the change. Especially in a setting where the data definition is shared by multiple applications, the publisher can update the policies without requiring the dependent applications to make any changes beyond updating the dependency version.
DOI: 10.48550/arxiv.2411.06317