The Hippocratic File System: Protecting Privacy in Networked Storage

Can Sar, Pei Cao, Drew Dean


Privacy protection is increasingly difficult in today's information society. In this paper, we look at an important link in the chain of information protection: the file system, and propose mechanisms to enhance the disclosure control of personal data. The scheme, called the Hippocratic File System, stores personal data's purpose and use limitation as the data's label, propagates the label as the information flows from one place to another, and enforces the label to prevent accidental disclosures.

We describe the design, implementation and experience with the Hippocratic file system. In particular, we highlight a deployment obstacle: ``cross-invocation contamination'' of legacy applications, and describe techniques to alleviate this problem.

The paper in PDF is here.