Seminar: 'WebSheets: A New Privacy-Centric Framework for Web Applications', Scott Stoller

Friday, October 6, 2023 - 2:40pm to 3:40pm
NCS 120
Event Description: 


Spreadsheets are enormously popular because they enable non-programmers to create applications that manipulate tabular data.  This success inspired commercial no-code and low-code app development frameworks (e.g., Google AppSheet) for creating apps centered around interacting with tabular data stored in spreadsheets that serve as simple databases and no-code computation engines.

This talk presents the design of WebSheets, a no-code web application framework that provides novel support for security and privacy.  The key innovation of WebSheets is that access permissions are first-class. Each data table in WebSheets is paired with a permission table. Using spreadsheet formulas in permission tables, users can associate expressive fine-grained access policies with their data. By automatically filtering out inaccessible rows and columns, WebSheets presents user-customized views that are the hallmark of many web applications.  The WebSheets framework guarantees that access policies are enforced during the lifetime of this data, even as it is used throughout the application's code, or passed across applications. While achieving this global privacy guarantee similar to information flow control systems, WebSheets users can continue to work with familiar access control policies.

Additional key features of WebSheets include: a powerful formula language that supports first-class tables and declassification; a new least-privilege evaluation technique that confines WebSheets computations using OS-based access control and sandboxing mechanisms; secure integration with external systems using the least-privilege evaluation technique; and analysis techniques to help users understand and improve policies.

Computed Event Type: 
Event Title: 
Seminar: 'WebSheets: A New Privacy-Centric Framework for Web Applications', Scott Stoller