Web services like Google, Facebook, and Dropbox are now an essential part of people’s lives. In order to provide value to users, these services collect, store, and analyze large amounts of their users’ sensitive data. However, once the user provides her information to the web service, she loses control over how the application manipulates that data. For example, a user cannot control where the application forwards her data. Even if the service wanted to allow users to define access controls, it is unclear how these access controls should be expressed and enforced. Not only is it difficult to develop these secure access control mechanisms, but it is also difficult to ensure these mechanisms are practical. My research addresses these concerns. More specifically, it focuses on building practical, secure mechanisms for protecting user data in large-scale, distributed web services.
Thesis Committee: Nickolai Zeldovich, James Mickens (Harvard), and Vinod Vaikuntanathan.