Web services and enterprise data retrieval systems store, process, and serve data from many users and sources.  Ensuring compliance with applicable data use policies in today's complex and agile system is a difficult challenge, because policy specification and enforcement is intertwined with application code, and any bug or misconfiguration can violate policy.  In this talk, I'll describe our work towards compliant data retrieval systems where data usage policies are specified in a declarative language separate from application code, and enforced by an efficient compliance layer that relies on a relatively small and stable trusted computing base.

Peter Druschel is the Max Planck Institute for Software Systems' founding director and leads the distributed systems research group. He is also an Adjunct Professor at Saarland University and at the University of Maryland, Associate Director of the Center for Information Security, Privacy and Accountability (CISPA), and a Principal Investigator in the Center of Excellence in Multimodal Communication and Interaction (MMCI). Peter's research interests are in understanding, designing and building computer systems. In the past, he has worked on operating systems, network services, peer-to-peer systems, and accountable distributed systems. Currently, he is interested in practical techniques to make distributed and mobile systems secure, compliant, privacy-preserving. Peter received an NSF CAREER Award (1995), an Alfred P. Sloan Fellowship (2000), and the SIGOPS Mark Weiser Award (2008). He is on the editorial boards of the Communications of the ACM (CACM) and the Royal Society Open Science Journal. Previously, he served on the editorial board of ACM Transactions on Computer Systems (TOCS) and chaired the program committees of SOSP, OSDI, NSDI, and EuroSys. Peter is a member of the Academia Europaea and the German Academy of Sciences Leopoldina.