How I know you printed my email
Internal MCIR talk on transparency:
Alexander Pretschner: How I know you printed my email
This overview talk tackles the problem of specifying, monitoring and enforcing data usage requirements of the kind, “print my email at most twice,” “notify me upon dissemination of my address,” “no more than three copies of a confidential document in the company,” “delete all copies of a movie within thirty days,” “keep financial record for five years,” and the like.
We discuss typical policies as well as an enforcement infrastructure that can act both after the fact, for accountability purposes, and preventively. It builds on two main ideas. First, requirements come at various levels of abstraction: prohibiting screenshots, writing files, playing songs, and copying database rows can most conveniently observed and controlled by monitors at different layers of abstraction: window manager, operating system, application, database. Second, when data is to be protected, usually all of its representations are meant to be protected: a picture comes as network packets, pix map, cache file, DOM object. This requires information flow tracking technology across the layers of a system and across systems.
The intention of this talk is to start a discussion on joint projects on transparency.