A CleanRoom Approach to BYOA : Bring Your Own Apps

In this paper, we present CleanRoom, a new app platform designed to protect confidentiality in a Bring Your Own Apps (BYOA) world in which employees use their own third-party apps to create, edit, and share corporate data. CleanRoom’s core guarantee is privacy-preserving collaboration: CleanRoom enables employees to work together on shared documents while ensuring that the document’s owners—not the app accessing the document—control who can access and collaborate on the document. CleanRoom prevents a faulty or malicious app from leaking document data to unauthorized parties—including the app’s publisher—through a novel system design that leverages two different types of sandboxes. Through these sandboxes and other mechanisms, CleanRoom accommodates a broad range of apps, preserves the confidentiality of the documents that these apps access, incurs insignificant overhead (e.g., 0.11 ms of overhead per client-server request), and even supports accurate, privacy-preserving error reporting through a novel combination of differential privacy and static program analysis.