Access control is central to computer security. Traditionally, we wish to restrict the user to exactly what he should be able to do, no more and no less. You might think that this only applies to legitimate users: where do attackers fit into this worldview? Of course, an attacker is a user whose access should be

WP/Task responsible

Recent years have seen unprecedented growth in the popularity of social network systems, with Facebook being an archetypical example. Due to the distributed nature of access control in Facebook-style social network systems, it is difficult for a user to anticipate the privacy consequence of such actions as modifying a privacy setting or befriending another user. This work takes a first step in addressing this challenge, by proposing an access control model that formalizes and generalizes the privacy preservation mechanism of Facebook. The model can be instantiated into a family of Facebook-style social network systems, each with a recognizably different access control mechanism, so that Facebook is but one instantiation of the model. We also demonstrate that the model can be instantiated to express policies that, on the one hand, are not currently supported by Facebook, but on the other hand possess rich and natural social significance. This work thus deepens our understanding of the design space of privacy preservation mechanisms for social network systems, and lays out a formal framework for policy analysis in these systems. 1

Abstract — Various newsworthy incidents typically include breaches of security, invasion of privacy, and harm caused by false information. In the e-health domain, there has been a lot of focus on ethical issues when dealing with electronic health records (EHRs) and patient medical records (PMRs). However, equally important are the myriad of health information websites that are being used to formally or informally get medical advice online. This study surveys related work on three popular and pertinent issues in health information websites: privacy, security, and trust. Our contributions include a succinct survey of different categories of popular health information websites (WebMD.com, MayoClinic.com, KidsHealth.org, PatientsLikeMe.com) to gauge existing methods for handling these issues. Moreover, an agenda is proposed for understanding the three issues orthogonally via access control. Other outcomes of the study include recommendations for open problems identified in health websites, including the need for fine-grained privacy, security and trust controls. I.

Though Haskell is predominantly type-safe, implementations contain a few loopholes through which code can bypass typing and module encapsulation. This paper presents Safe Haskell, a language extension that closes these loopholes. Safe Haskell makes it possible to confine and safely execute untrusted, possibly malicious code. By strictly enforcing types, Safe Haskell allows a variety of different policies from API sandboxing to information-flow control to be implemented easily as monads. Safe Haskell is aimed to be as unobtrusive as possible. It enforces properties that programmers tend to meet already by convention. We describe the design of Safe Haskell and an implementation (currently shipping with GHC) that infers safety for code that lies in a safe subset of the language. We use Safe Haskell to implement an online Haskell interpreter that can securely execute arbitrary untrusted code with no overhead. The use of Safe Haskell greatly simplifies this task and allows the use of a large body of existing code and tools.

Though Haskell is predominantly type-safe, implementations contain a few loopholes through which code can bypass typing and module encapsulation. This paper presents Safe Haskell, a language extension that closes these loopholes. Safe Haskell makes it possible to confine and safely execute untrusted, possibly malicious code. By strictly enforcing types, Safe Haskell allows a variety of different policies from API sandboxing to information-flow control to be implemented easily as monads. Safe Haskell is aimed to be as unobtrusive as possible. It enforces properties that programmers tend to meet already by convention. We describe the design of Safe Haskell and an implementation (currently shipping with GHC) that infers safety for code that lies in a safe subset of the language. We use Safe Haskell to implement an online Haskell interpreter that can securely execute arbitrary untrusted code with no overhead. The use of Safe Haskell greatly simplifies this task and allows the use of a large body of existing code and tools.