DOI: 10.1145/2908080.2908098 (research article, PLDI conference proceedings)

Precise, dynamic information flow for database-backed applications

Published: 02 June 2016

Abstract

We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational database implementations, and scales for realistic applications. In this paper, we present a programming model that factors out information flow policies from application code and database queries, a dynamic semantics for the underlying $\lambda^{JDB}$ core language, and proofs of termination-insensitive non-interference and policy compliance for the semantics. We implement these ideas in Jacqueline, a Python web framework, and demonstrate feasibility through three application case studies: a course manager, a health record system, and a conference management system used to run an academic workshop. We show that in comparison to traditional applications with hand-coded policy checks, Jacqueline applications have 1) a smaller trusted computing base, 2) fewer lines of policy code, and 3) reasonable, often negligible, additional overheads.


Published In

PLDI '16: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2016, 726 pages. ISBN: 9781450342612. DOI: 10.1145/2908080. General Chair: Chandra Krintz; Program Chair: Emery Berger.

Also published in ACM SIGPLAN Notices, Volume 51, Issue 6 (PLDI '16), June 2016, 726 pages. ISSN: 0362-1340; EISSN: 1558-1160. DOI: 10.1145/2980983. Editor: Andy Gill.
Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags: Web frameworks; information flow

Acceptance Rate: PLDI overall acceptance rate 406 of 2,067 submissions (20%)

Article Metrics: Downloads (last 12 months): 62; Downloads (last 6 weeks): 10. Reflects downloads up to 21 Dec 2024.

Cited By

  • (2024) Sesame: Practical End-to-End Privacy Compliance with Policy Containers and Privacy Regions. Proceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles, pp. 709-725. DOI: 10.1145/3694715.3695984. Online publication date: 4-Nov-2024.
  • (2024) Probability from Possibility: Probabilistic Confidentiality for Storage Systems Under Nondeterminism. 2024 IEEE 37th Computer Security Foundations Symposium (CSF), pp. 96-111. DOI: 10.1109/CSF61375.2024.00041. Online publication date: 8-Jul-2024.
  • (2024) Enforcing the GDPR. Computer Security – ESORICS 2023, pp. 400-422. DOI: 10.1007/978-3-031-51476-0_20. Online publication date: 11-Jan-2024.
  • (2023) Access Control for Database Applications: Beyond Policy Enforcement. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, pp. 223-230. DOI: 10.1145/3593856.3595905. Online publication date: 22-Jun-2023.
  • (2022) TaintSQL: Dynamically Tracking Fine-Grained Implicit Flows for SQL Statements. 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE), pp. 1-12. DOI: 10.1109/ISSRE55969.2022.00012. Online publication date: Oct-2022.
  • (2022) Compositional Information Flow Monitoring for Reactive Programs. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), pp. 467-486. DOI: 10.1109/EuroSP53844.2022.00036. Online publication date: Jun-2022.
  • (2021) VarFix: balancing edit expressiveness and search effectiveness in automated program repair. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 354-366. DOI: 10.1145/3468264.3468600. Online publication date: 20-Aug-2021.
  • (2021) Scooter & Sidecar: a domain-specific approach to writing secure database migrations. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, pp. 710-724. DOI: 10.1145/3453483.3454072. Online publication date: 19-Jun-2021.
  • (2021) SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing. Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, pp. 175-186. DOI: 10.1145/3450569.3463567. Online publication date: 11-Jun-2021.
  • (2020) Liquid information flow control. Proceedings of the ACM on Programming Languages, 4:ICFP, pp. 1-30. DOI: 10.1145/3408987. Online publication date: 3-Aug-2020.
