UBC Theses and Dissertations


Enhancing user privacy in web services

Légaré, Jean-Sébastien

Abstract

As the wealth of quality application services grows, so too does the volume of data that users disclose and entrust to others. To receive service, users must trust providers with their data. But, without being afforded visibility into the inner workings of the services, users cannot gain strong assurance that their data will be safeguarded. This trust is precarious. First, services may go out of business or fail, leading to complete data loss, or to the inability to view, manipulate, and share the data in a meaningful way. Second, the confidentiality of user data critically hinges on the service enforcing complex access control rules correctly, and following secure cryptographic practices diligently. Third, even when sensitive data is safeguarded most securely, every application interaction or communication attempt may still be surveilled and scrutinized, unbeknownst to users. This thesis presents alternate web application designs that aim to provide users with verifiable guarantees about the longevity of access to data, data confidentiality, and anonymity. We achieve these goals by systematically disaggregating functional components from the service's trusted computing base, and exposing them in a way that allows external verification. Our aim is to protect personal data, but to do so while maintaining the many advantages that traditional web applications can offer. We demonstrate the effectiveness of our approaches with proof-of-concept applications that are practical and allow immediate deployment in the current web.


Rights

Attribution-NonCommercial-NoDerivatives 4.0 International