The Hippocratic File System: Protecting Privacy in Networked Storage
Can Sar, Pei Cao, Drew Dean
Privacy protection is increasingly difficult in today's information society.
In this paper, we look at an important link in the chain of information
protection: the file system, and propose mechanisms to enhance the
disclosure control of personal data. The scheme, called the Hippocratic
File System, stores personal data's purpose and use limitation as the data's
label, propagates the label as the information flows from one place to another,
and enforces the label to prevent accidental disclosures.
the design, implementation and experience with the Hippocratic file system.
In particular, we highlight a deployment obstacle: ``cross-invocation
contamination'' of legacy applications, and describe techniques to alleviate
The paper in PDF is here.