Enforcing user privacy in web applications using Erlang

Social networking applications on the web handle the personal data of a large number of concurrently

active users. These applications must comply with complex

privacy requirements, while achieving scalability and high

performance. Applying constraints to the ?ow of data through

such applications to enforce privacy policy is challenging

because individual components process data belonging to many

different users.

We introduce a practical approach for uniformly enforcing

privacy requirements in such applications using the actor-based

Erlang programming language. To isolate the personal data

of users, we exploit Erlang’s inexpensive process model and

use Erlang’s message passing mechanism to add policy checks.

We illustrate this approach by describing the architecture of

a privacy-preserving message dispatcher in a micro-blogging

service. Our performance evaluation of a prototype implementation shows that this approach can enforce ?ne-grained

privacy guarantees with a low performance overhead.