Balancing Isolation and Sharing of Data in Third-Party Extensible App Ecosystems

  • Florian Schröder
  • Raphael M. Reischuk
  • Johannes Gehrke
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9114)


In the landscape of application ecosystems, today’s cloud users wish to personalize not only their browsers with various extensions or their smartphones with various applications, but also the various extensions and applications themselves. The resulting personalization significantly raises the attractiveness for typical Web 2.0 users, but gives rise to various security risks and privacy concerns, such as unforeseen access to certain critical components, undesired information flow of personal information to untrusted applications, or emerging attack surfaces that were not possible before a personalization has taken place. We propose a novel extensibility mechanism to implement personalization of existing cloud applications towards (possibly untrusted) components in a secure and privacy-friendly manner. More details of the results can be found in the long version [4] of this paper.


Data Item Output Table Extensibility Mechanism Access Control Policy Input Table 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Arellano, C., Díaz, O., Iturrioz, J.: Opening Personalization to Partners: An Architecture of Participation for Websites. In: Brambilla, M., Tokuda, T., Tolksdorf, R. (eds.) ICWE 2012. LNCS, vol. 7387, pp. 91–105. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Jørstad, I., Thanh, D.V., Dustdar, S.: Personalisation of next generation mobile services. In: Norrie, M.C., Dustdar, S., Gall, H.C. (eds.) UMICS 2006 (2007)Google Scholar
  3. 3.
    Reischuk, R.M., Backes, M., Gehrke, J.: SAFE extensibility for data-driven web applications. In: 21st Int. Conf. on World Wide Web, pp. 799–808. ACM (2012)Google Scholar
  4. 4.
    Schröder, F., Reischuk, R.M., Gehrke, J.: Balancing isolation and sharing of data for third-party extensible app ecosystems (2015).
  5. 5.
    Toch, E., Wang, Y., Cranor, L.F.: Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems. User Modeling and User-Adapted Interaction 22(1–2), 203–220 (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Florian Schröder
    • 1
  • Raphael M. Reischuk
    • 2
  • Johannes Gehrke
    • 3
  1. 1.Saarland UniversitySaarbrückenGermany
  2. 2.ETH ZurichZürichSwitzerland
  3. 3.Cornell UniversityIthacaUSA

Personalised recommendations