Information Flow Control for Static Enforcement of User-Defined Privacy Policies

Information flow control (IFC) allows software programmers and auditors to detect and prevent the sharing of information between different parts of a program which, as a matter of policy, should be kept logically separate. However, the lack of widespread use of IFC suggests technology and usability barriers to adoption. The programming language JIF provides IFC on top of Java. To assess pragmatic issues and systematic limitations of using JIF for commercial privacy-preserving Web applications, we deliver the first Web-based case-study with customer-negotiated restrictions on data recipients and usage. On a practical level, from our experience of programming in JIF, we assess its suitability for preventing accidental misuse of personal information and deduce recommendations for future implementations. On a theoretical level, we explore the compatibility between static analysis and privacy policies configured at runtime.