Open Collections
UBC Theses and Dissertations
Enhancing user privacy in web services Légaré, Jean-Sébastien
Abstract
As the wealth of quality application services grows, so too does the volume of data that users disclose and entrust to others. To receive service, users must trust providers with their data. But, without being afforded visibility into the inner workings of the services, users cannot gain strong assurance that their data will be safeguarded. This trust is precarious. First, services may go out of business or fail, leading to complete data loss, or to the inability to view, manipulate, and share the data in a meaningful way. Second, the confidentiality of user data critically hinges on the service enforcing complex access control rules correctly, and following secure cryptographic practices diligently. Third, even when sensitive data is safeguarded most securely, every application interaction, or communication attempt may still be surveilled and scrutinized, unbeknownst to users. This thesis presents alternate web application designs that aim to provide users with verifiable guarantees about the longevity of access to data, data confidentiality, and anonymity. We achieve these goals by systematically disaggregating functional components from the service's trusted computing base, and exposing them in a way that allows external verification. Our aim is to protect personal data, but to do so while maintaining the many advantages that traditional web applications can offer. We demonstrate the effectiveness of our approaches with proof-of-concept applications that are practical and allow immediate deployment in the current web.
Item Metadata
Title | Enhancing user privacy in web services |
Creator | |
Publisher | University of British Columbia |
Date Issued | 2017 |
Genre | |
Type | |
Language | eng |
Date Available | 2019-11-30 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0358013 |
URI | |
Degree | |
Program | |
Affiliation | |
Degree Grantor | University of British Columbia |
Graduation Date | 2018-02 |
Campus | |
Scholarly Level | Graduate |
Rights URI | |
Aggregated Source Repository | DSpace |