Abstract
The root cause for confidentiality and integrity attacks against computing systems is insecure information flow. The complexity of modern systems poses a major challenge to secure end-to-end information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a variety of languages and settings has been thoroughly studied in isolation, the problem of tracking information across component boundaries has been largely out of reach of the work so far. This is unsatisfactory because tracking information across component boundaries is necessary for end-to-end security.
This paper proposes a framework for uniform tracking of information flow through both the application and the underlying database. The key enabler of the uniform treatment is recent work by Cheney et al., which studies database manipulation via an embedded language-integrated query language (with Microsoft's LINQ on the backend). Because both the host language and the embedded query language are functional F#-like languages, we are able to leverage information-flow enforcement for functional languages to obtain information-flow control for databases "for free", synergize it with information-flow control for applications, and thus guarantee security across application-database boundaries. We develop the formal results in the form of a security type system that includes a treatment of algebraic data types and pattern matching, and establish its soundness. On the practical side, we implement the framework and demonstrate its usefulness in a case study with a realistic movie rental database.
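To make the idea of one security type system spanning the query and the application concrete, here is a small added illustration (not the paper's SeLINQ implementation, and not F#/LINQ code): a two-point lattice L (public) < H (secret), a constructed movie-rental-style schema with a label on every column, a tiny query AST, and a label-propagation checker. The checker shows the two flows such a type system has to catch: a selected column inherits the label of a WHERE predicate over secret columns (which rows appear leaks the secret), and an application-side pattern match on a query result is at least as secret as the result it inspects. The schema, column labels and AST are assumptions made for this example.

```python
"""Toy information-flow labelling from a labelled schema through a query
into an application-side pattern match.  Constructed illustration of the
approach described above; not SeLINQ's own type system or code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Two-point security lattice: L (public) is below H (secret).
LOW, HIGH = "L", "H"


def join(a: str, b: str) -> str:
    """Least upper bound of two labels."""
    return HIGH if HIGH in (a, b) else LOW


def leq(a: str, b: str) -> bool:
    """Lattice order: may data labelled a flow to a sink labelled b?"""
    return a == LOW or b == HIGH


# Constructed schema with a label per column (assumed, not the paper's case study).
SCHEMA: Dict[str, Dict[str, str]] = {
    "customer": {"customer_id": LOW, "first_name": LOW, "email": HIGH, "address_id": HIGH},
    "rental":   {"rental_id": LOW, "customer_id": LOW, "film_id": LOW, "return_date": HIGH},
}


# --- Minimal query AST (single-table queries are enough for the illustration) ---
@dataclass
class Col:            # reference to a column of the queried table
    name: str


@dataclass
class Lit:            # literal constant; public by construction
    value: object


@dataclass
class BinOp:          # e.g. BinOp("=", Col("email"), Lit("a@b"))
    op: str
    left: "Expr"
    right: "Expr"


Expr = Union[Col, Lit, BinOp]


@dataclass
class Query:
    table: str
    select: List[str]            # projected column names
    where: Optional[Expr] = None  # optional filter predicate


@dataclass
class Match:          # app side: match result with [] -> e1 | row :: _ -> e2
    scrutinee: Query
    branch_labels: List[str]     # labels already computed for the branch bodies


class FlowError(Exception):
    """Raised when a value would flow to a sink it is not permitted to reach."""


def label_expr(e: Expr, table: str) -> str:
    """Label of an expression inside a query over `table`."""
    if isinstance(e, Lit):
        return LOW
    if isinstance(e, Col):
        return SCHEMA[table][e.name]
    if isinstance(e, BinOp):
        return join(label_expr(e.left, table), label_expr(e.right, table))
    raise TypeError(f"unknown expression {e!r}")


def label_query(q: Query) -> Dict[str, str]:
    """Label each projected column.  A WHERE predicate over secret columns
    decides which rows are present, so its label is joined into every
    selected column (an implicit flow through the filter)."""
    pc = label_expr(q.where, q.table) if q.where is not None else LOW
    return {c: join(pc, SCHEMA[q.table][c]) for c in q.select}


def label_match(m: Match) -> str:
    """The branch taken depends on the query result, so the match is at
    least as secret as every selected column and every branch body."""
    result = LOW
    for lab in label_query(m.scrutinee).values():
        result = join(result, lab)
    for lab in m.branch_labels:
        result = join(result, lab)
    return result


def check_sink(value_label: str, sink_label: str) -> bool:
    """Accept the flow or reject it with FlowError (e.g. writing to a public page)."""
    if not leq(value_label, sink_label):
        raise FlowError(f"{value_label}-labelled data may not reach a {sink_label} sink")
    return True


if __name__ == "__main__":
    public_names = Query("customer", ["first_name"])
    print(label_query(public_names))                      # {'first_name': 'L'}
    names_by_email = Query("customer", ["first_name"],
                           where=BinOp("=", Col("email"), Lit("x@example.invalid")))
    print(label_query(names_by_email))                    # {'first_name': 'H'}
    check_sink(label_match(Match(names_by_email, [LOW, LOW])), LOW)  # raises FlowError
```

The interesting case is the second query: every projected column is public, yet the result is secret because the filter compared a secret column, which is exactly the cross-boundary flow an application-only analysis cannot see.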
- SPARKAda Examiner. Software release. http://www.praxis-his.com/sparkada/.
- OWASP Top 10: Ten Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Top_10_2013-Top_10/, 2013. Accessed: 2014-02-20.
- BNF Converter. http://bnfc.digitalgrammars.com/, 2014. Accessed: 2014-02-20.
- Google Web Toolkit. http://www.gwtproject.org/, 2014. Accessed: 2014-02-20.
- LINQ (Language-Integrated Query). http://msdn.microsoft.com/en-us/library/bb397926.aspx, 2014. Accessed: 2014-02-20.
- Privileges Provided by MySQL. https://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html, 2014. Accessed: 2014-02-20.
- Database Roles and Privileges. http://www.postgresql.org/docs/9.0/static/user-manag.html, 2014. Accessed: 2014-02-20.
- Authorization and Permissions in SQL Server. http://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx, 2014. Accessed: 2014-02-20.
- Internet Movie Database. http://www.imdb.com/, 2014. Accessed: 2014-02-20.
- PostgreSQL sample database. http://www.postgresqltutorial.com/postgresql-sample-database/, 2014. Accessed: 2014-02-20.
- Ruby on Rails. http://rubyonrails.org/, 2014. Accessed: 2014-02-20.
- I. G. Baltopoulos and A. D. Gordon. Secure compilation of a multi-tier web language. In TLDI, pages 27--38, 2009.
- N. Bielova. Survey on JavaScript security policies and their enforcement mechanisms in a web browser. J. Log. Algebr. Program., pages 243--262, 2013.
- A. Birgisson, A. Russo, and A. Sabelfeld. Unifying Facets of Information Integrity. In ICISS, pages 48--65, 2010.
- L. Caires, J. A. Pérez, J. C. Seco, H. T. Vieira, and L. Ferrío. Type-Based Access Control in Data-Centric Systems. In ESOP, pages 136--155, 2011.
- J. Cheney, S. Lindley, and P. Wadler. A practical theory of language-integrated query. In ICFP, pages 403--416. ACM, 2013.
- G. Chinis, P. Pratikakis, S. Ioannidis, and E. Athanasopoulos. Practical information flow for legacy web applications. In ICOOOLPS, pages 17--28, 2013.
- A. Chlipala. Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications. In OSDI, pages 105--118, 2010.
- S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proc. USENIX Security Symposium, pages 1--16, Aug. 2007.
- S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Building secure web applications with automatic partitioning. Commun. ACM, 52 (2): 79--87, 2009. doi:10.1145/1461928.1461949.
- E. Cooper, S. Lindley, P. Wadler, and J. Yallop. Links: Web Programming Without Tiers. In FMCO, pages 266--296, 2006.
- B. J. Corcoran, N. Swamy, and M. W. Hicks. Cross-tier, label-based security enforcement for web applications. In SIGMOD Conference, pages 269--282, 2009.
- L. Damas and R. Milner. Principal type-schemes for functional programs. In POPL, pages 207--212. ACM, 1982.
- B. Davis and H. Chen. DBTaint: Cross-application Information Flow Tracking via Databases. In WebApps, pages 12--12. USENIX Association, 2010.
- D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Comm. of the ACM, 20 (7): 504--513, July 1977.
- J. Domingo-Ferrer, editor. Inference Control in Statistical Databases, From Theory to Practice, volume 2316 of LNCS. Springer, 2002.
- D. B. Giffin, A. Levy, D. Stefan, D. Terei, D. Mazières, J. C. Mitchell, and A. Russo. Hails: Protecting Data Privacy in Untrusted Web Applications. In OSDI, pages 47--60, 2012.
- J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proc. IEEE SP, pages 11--20, Apr. 1982.
- G. L. Guernic. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007.
- D. Hedin and A. Sabelfeld. A perspective on information-flow control. Proc. of the 2011 Marktoberdorf Summer School. IOS Press, 2011.
- N. Heintze and J. G. Riecke. The SLam Calculus: Programming with Secrecy and Integrity. In POPL, pages 365--377, 1998.
- Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and S.-Y. Kuo. Securing web application code by static analysis and runtime protection. In WWW, pages 40--52, 2004.
- A. Kennedy. Types for Units-of-Measure: Theory and Practice. In Z. Horváth, R. Plasmeijer, and V. Zsók, editors, CEFP, volume 6299 of Lecture Notes in Computer Science, pages 268--305. Springer, 2009. ISBN 978-3-642-17684-5. URL http://dblp.uni-trier.de/db/conf/cefp/cefp2009.html#Kennedy09.
- P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In POPL, pages 158--170, 2005.
- P. Li and S. Zdancewic. Practical Information-flow Control in Web-Based Information Systems. In CSFW, 2005.
- J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In SOSP, pages 321--334, 2009.
- L. Lourenço and L. Caires. Information Flow Analysis for Valued-Indexed Data Security Compartments. In TGC, 2013.
- A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java Information Flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
- A. Narayanan and V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. In IEEE Symp. on Security and Privacy, 2008.
- F. Pottier and V. Simonet. Information flow inference for ML. In POPL, pages 319--330. ACM, 2002.
- A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, pages 5--19, 2003.
- A. Sabelfeld and A. C. Myers. A Model for Delimited Information Release. In ISSS, volume 3233 of LNCS, pages 174--191, 2003.
- A. Sabelfeld and D. Sands. A Per Model of Secure Information Flow in Sequential Programs. Higher Order and Symbolic Computation, 14 (1): 59--91, Mar. 2001.
- A. Sabelfeld and D. Sands. Declassification: Dimensions and Principles. J. Computer Security, 17 (5): 517--548, Jan. 2009.
- J. H. Saltzer, D. P. Reed, and D. D. Clark. End-To-End Arguments in System Design. ACM Trans. Comput. Syst., pages 277--288, 1984.
- D. A. Schultz and B. Liskov. IFDB: decentralized information flow control for databases. In EuroSys, pages 43--56, 2013.
- E. J. Schwartz, T. Avgerinos, and D. Brumley. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, pages 317--331, Washington, DC, USA, 2010. IEEE Computer Society. ISBN 978-0-7695-4035-1. doi:10.1109/SP.2010.26. URL http://dx.doi.org/10.1109/SP.2010.26.
- V. Simonet. The Flow Caml system. Software release. Located at http://cristal.inria.fr/~simonet/soft/flowcaml, 2003.
- N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A Language for Enforcing User-defined Security Policies. In IEEE Symp. on Security and Privacy, 2008.
- D. Syme. Leveraging .NET Meta-programming Components from F#: Integrated Queries and Interoperable Heterogeneous Execution. In Workshop on ML, pages 43--54. ACM, 2006.
- D. Volpano. Safety versus Secrecy. In Proc. Symp. on Static Analysis, volume 1694 of LNCS, pages 303--311. Springer-Verlag, Sept. 1999.
- D. Volpano, G. Smith, and C. Irvine. A Sound Type System for Secure Flow Analysis. J. Computer Security, 4 (3): 167--187, 1996.
- S. Yoshihama, T. Yoshizawa, Y. Watanabe, M. Kudo, and K. Oyanagi. Dynamic Information Flow Control Architecture for Web Applications. In ESORICS, pages 267--282, 2007.
SeLINQ: tracking information across application-database boundaries. In ICFP '14: Proceedings of the 19th ACM SIGPLAN International Conference on Functional Programming.