Prof. Malte Schwarzkopf / Privacy Compliance By Construction for Database-backed Web Applications
Abstract
Data privacy laws like the EU’s GDPR grant users new rights to their data, such as the right to request access and deletion. To comply with these requests, developers manually implement, audit, and maintain infrastructure to identify and extract all data for a user on request. This is costly and error-prone, and imposes a burden especially on small and medium organizations, as non-compliance risks steep fines.
In this talk, I will describe an effort to construct storage systems that comply with key provisions of privacy laws like the GDPR by construction. Specifically, I will focus on a new database-like storage system design that complies with privacy laws by construction. The key idea is to organize data primarily by user: each user has their own micro-database (µDB), which contains all data related to them and which the user can download or remove at any time. Combined, the active µDBs constitute the application state. This easy-to-understand model explicitly associates data with users, gives confidence that data access and removal requests are handled correctly, and requires no developer effort.
The challenge is to make µDBs efficient: application queries that access thousands of µDBs would be slow. Our system uses a combination of static analysis, query rewriting, and materialized views to make web application requests fast even though the storage is split into many µDBs. A prototype illustrates that performance with tens of thousands of µDBs can be competitive with MariaDB, a widely-used database without privacy compliance.
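A toy model of the per-user µDB idea from the abstract, added here as an illustration and not taken from the talk or the system it describes. The class name `MicroDBStore`, the `posts` table and the per-topic count view are assumptions, and a hand-maintained counter stands in for the static analysis and query rewriting the abstract mentions.

```python
import sqlite3
from collections import Counter
PER_TOPIC = "SELECT topic, COUNT(*) FROM posts GROUP BY topic"

class MicroDBStore:
    def __init__(self):
        self.udbs = {}                 # user -> that user's µDB (assumed layout)
        self.topic_counts = Counter()  # materialized view over all active µDBs

    def _udb(self, user):
        if user not in self.udbs:
            self.udbs[user] = sqlite3.connect(":memory:")
            self.udbs[user].execute("CREATE TABLE posts (topic TEXT, body TEXT)")
        return self.udbs[user]

    def add_post(self, user, topic, body):
        # Base data lives only in the owner's µDB; the view is updated incrementally.
        self._udb(user).execute("INSERT INTO posts VALUES (?, ?)", (topic, body))
        self.topic_counts[topic] += 1

    def posts_per_topic(self):
        # Application query answered from the view, without opening any µDB.
        return {t: n for t, n in self.topic_counts.items() if n > 0}

    def posts_per_topic_by_scan(self):
        # Slow path that visits every µDB; used here to check the view.
        total = Counter()
        for db in self.udbs.values():
            total.update(dict(db.execute(PER_TOPIC)))
        return dict(total)

    def export(self, user):
        # Access request: all of the user's rows come from one µDB.
        db = self.udbs.get(user)
        return db.execute("SELECT topic, body FROM posts ORDER BY rowid").fetchall() if db else []

    def forget(self, user):
        # Deletion request: retract the user's rows from the view, then drop the µDB.
        db = self.udbs.pop(user, None)
        if db is not None:
            self.topic_counts.subtract(dict(db.execute(PER_TOPIC)))
            db.close()
        return db is not None

def demo():  # constructed sample data
    s = MicroDBStore()
    for user, topic in [("alice", "gdpr"), ("bob", "gdpr"), ("alice", "sql")]:
        s.add_post(user, topic, f"{user} on {topic}")
    s.forget("alice")
    return s.posts_per_topic(), s.posts_per_topic_by_scan()
```

The point to check in any such design is that derived state is retracted on removal: after `forget`, the view and a full scan of the remaining µDBs must agree.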
About the Speaker
Malte Schwarzkopf is an Assistant Professor of Computer Science at Brown University. Previously, he was a post-doc in MIT's PDOS group and received his Ph.D. from the University of Cambridge. Malte's research focuses on new abstractions that make computer systems efficient, easy-to-use, and trustworthy. Malte's past work has received best paper awards at NSDI and EuroSys, and the NSF CAREER award (2021). He is still getting used to no longer living in a city called Cambridge.