Research article

SeLINQ: tracking information across application-database boundaries

Published: 19 August 2014

Abstract

The root cause for confidentiality and integrity attacks against computing systems is insecure information flow. The complexity of modern systems poses a major challenge to secure end-to-end information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a variety of languages and settings has been thoroughly studied in isolation, the problem of tracking information across component boundaries has been largely out of reach of the work so far. This is unsatisfactory because tracking information across component boundaries is necessary for end-to-end security.

This paper proposes a framework for uniform tracking of information flow through both the application and the underlying database. The key enabler of the uniform treatment is recent work by Cheney et al., which studies database manipulation via an embedded language-integrated query language (with Microsoft's LINQ on the backend). Because both the host language and the embedded query language are functional, F#-like languages, we are able to leverage information-flow enforcement for functional languages to obtain information-flow control for databases "for free", synergize it with information-flow control for applications, and thus guarantee security across application-database boundaries. We develop the formal results in the form of a security type system that includes a treatment of algebraic data types and pattern matching, and establish its soundness. On the practical side, we implement the framework and demonstrate its usefulness in a case study with a realistic movie rental database.
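The uniform treatment the abstract describes, as an added illustration that is not code from the paper or its F# implementation: a Python model of a two-level security type system in which database columns carry labels, a query filter over a secret column taints every row it selects (an implicit flow), and a host-language pattern match on a query result inherits the label of the Some/None decision. The schema (a customer table with a secret e-mail column, a rental table with a secret amount), the labels, the expression constructors and the three queries are all constructed for the example.

```python
# Added illustration for this page, not the SeLINQ implementation nor F#/LINQ:
# a Python model of the abstract's idea (security labels on column types, a
# join operator, and implicit flows through query filters and host-language
# pattern matching, checked by one set of rules).  Everything is constructed.

LOW, HIGH = "L", "H"                    # two-point lattice: L below H

def leq(a, b):
    return a == LOW or b == HIGH

def join(a, b):
    return HIGH if HIGH in (a, b) else LOW

# Types: ("base", name, label) | ("rec", {field: type}) | ("list", elem)
#      | ("opt", elem, label)   -- the option label guards the Some/None bit

def raise_to(t, lab):
    """Join lab into every label inside t (used for implicit flows)."""
    if t[0] == "base":
        return ("base", t[1], join(t[2], lab))
    if t[0] == "rec":
        return ("rec", {f: raise_to(ft, lab) for f, ft in t[1].items()})
    if t[0] == "list":
        return ("list", raise_to(t[1], lab))
    return ("opt", raise_to(t[1], lab), join(t[2], lab))

def label_of(t):
    """Join of all labels in t: the level a sink needs to receive it."""
    if t[0] == "base":
        return t[2]
    if t[0] == "rec":
        return HIGH if HIGH in map(label_of, t[1].values()) else LOW
    if t[0] == "list":
        return label_of(t[1])
    return join(label_of(t[1]), t[2])

def table(**cols):                      # column name -> (type name, label)
    return ("list", ("rec", {c: ("base", n, l) for c, (n, l) in cols.items()}))

# Constructed movie-rental schema (assumption): e-mail and payment amount are
# secret (H); ids, names and film titles are public (L).
SCHEMA = {
    "customer": table(id=("int", LOW), name=("str", LOW), email=("str", HIGH)),
    "rental": table(customer_id=("int", LOW), title=("str", LOW), amount=("int", HIGH)),
}

def typecheck(e, env):
    """Security type of expression e under the variable environment env."""
    op = e[0]
    if op == "lit":                                  # constants are public
        return ("base", type(e[1]).__name__, LOW)
    if op == "var":
        return env[e[1]]
    if op == "table":
        return SCHEMA[e[1]]
    if op == "field":
        return typecheck(e[1], env)[1][e[2]]
    if op == "rec":
        return ("rec", {f: typecheck(fe, env) for f, fe in e[1].items()})
    if op in ("eq", "endswith"):                     # explicit flow: join operands
        a, b = typecheck(e[1], env), typecheck(e[2], env)
        return ("base", "bool", join(a[2], b[2]))
    if op == "for":      # for x in src where cond yield body (query comprehension)
        _, x, src, cond, body = e
        inner = dict(env, **{x: typecheck(src, env)[1]})
        cond_lab = typecheck(cond, inner)[2]
        # which rows survive depends on cond: implicit flow into every result field
        return ("list", raise_to(typecheck(body, inner), cond_lab))
    if op == "first":                                # Some first row, or None
        elem = typecheck(e[1], env)[1]
        return ("opt", elem, label_of(elem))         # emptiness reveals the filter
    if op == "match":    # match scrut with Some y -> some_b | None -> none_b
        _, scrut, y, some_b, none_b = e
        st = typecheck(scrut, env)
        t_some = typecheck(some_b, dict(env, **{y: st[1]}))
        # the branch taken depends on the Some/None bit: implicit flow.  The None
        # branch is folded in conservatively by its overall label.
        return raise_to(t_some, join(st[2], label_of(typecheck(none_b, env))))
    raise ValueError("unknown expression " + op)

def allowed(e, sink_label):
    """May the value of closed expression e be sent to a sink at sink_label?"""
    return leq(label_of(typecheck(e, {})), sink_label)

# Constructed queries.  Titles of rented films, no filter: public.
Q_TITLES = ("for", "r", ("table", "rental"), ("lit", True),
            ("rec", {"title": ("field", ("var", "r"), "title")}))
# Names of customers at a given mail domain: the filter reads the secret e-mail
# column, so the public names it returns become secret.
Q_BY_DOMAIN = ("for", "c", ("table", "customer"),
               ("endswith", ("field", ("var", "c"), "email"), ("lit", "@example.org")),
               ("rec", {"name": ("field", ("var", "c"), "name")}))
# Host-language pattern match on the first result: still secret.
Q_FIRST_NAME = ("match", ("first", Q_BY_DOMAIN), "y",
                ("field", ("var", "y"), "name"), ("lit", "nobody"))

if __name__ == "__main__":
    for q in (Q_TITLES, Q_BY_DOMAIN, Q_FIRST_NAME):
        print("public sink ok:", allowed(q, LOW), "type:", typecheck(q, {}))
```

Running it shows the unfiltered title query may go to a public sink while the domain-filtered customer query may not, even though it projects only the public name column: the filter on email is an implicit flow, and the host-side match on the first row does not launder it. The same typing rules serve the query part (the comprehension) and the application part (the match), which is the point of treating both as one functional language.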

References

  1. SPARKAda Examiner. Software release. http://www.praxis-his.com/sparkada/.
  2. OWASP Top 10: Ten Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Top_10_2013-Top_10/, 2013. Accessed: 2014-02-20.
  3. BNF Converter. http://bnfc.digitalgrammars.com/, 2014. Accessed: 2014-02-20.
  4. Google Web Toolkit. http://www.gwtproject.org/, 2014. Accessed: 2014-02-20.
  5. LINQ (Language-Integrated Query). http://msdn.microsoft.com/en-us/library/bb397926.aspx, 2014. Accessed: 2014-02-20.
  6. Privileges Provided by MySQL. https://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html, 2014. Accessed: 2014-02-20.
  7. Database Roles and Privileges. http://www.postgresql.org/docs/9.0/static/user-manag.html, 2014. Accessed: 2014-02-20.
  8. Authorization and Permissions in SQL Server. http://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx, 2014. Accessed: 2014-02-20.
  9. Internet Movie Database. http://www.imdb.com/, 2014. Accessed: 2014-02-20.
  10. PostgreSQL sample database. http://www.postgresqltutorial.com/postgresql-sample-database/, 2014. Accessed: 2014-02-20.
  11. Ruby on Rails. http://rubyonrails.org/, 2014. Accessed: 2014-02-20.
  12. I. G. Baltopoulos and A. D. Gordon. Secure compilation of a multi-tier web language. In TLDI, pages 27--38, 2009.
  13. N. Bielova. Survey on JavaScript security policies and their enforcement mechanisms in a web browser. J. Log. Algebr. Program., pages 243--262, 2013.
  14. A. Birgisson, A. Russo, and A. Sabelfeld. Unifying Facets of Information Integrity. In ICISS, pages 48--65, 2010.
  15. L. Caires, J. A. Pérez, J. C. Seco, H. T. Vieira, and L. Ferrão. Type-Based Access Control in Data-Centric Systems. In ESOP, pages 136--155, 2011.
  16. J. Cheney, S. Lindley, and P. Wadler. A practical theory of language-integrated query. In ICFP, pages 403--416. ACM, 2013.
  17. G. Chinis, P. Pratikakis, S. Ioannidis, and E. Athanasopoulos. Practical information flow for legacy web applications. In ICOOOLPS, pages 17--28, 2013.
  18. A. Chlipala. Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications. In OSDI, pages 105--118, 2010.
  19. S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proc. USENIX Security Symposium, pages 1--16, Aug. 2007.
  20. S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Building secure web applications with automatic partitioning. Commun. ACM, 52 (2): 79--87, 2009. 10.1145/1461928.1461949.
  21. E. Cooper, S. Lindley, P. Wadler, and J. Yallop. Links: Web Programming Without Tiers. In FMCO, pages 266--296, 2006.
  22. B. J. Corcoran, N. Swamy, and M. W. Hicks. Cross-tier, label-based security enforcement for web applications. In SIGMOD Conference, pages 269--282, 2009.
  23. L. Damas and R. Milner. Principal type-schemes for functional programs. In POPL, pages 207--212. ACM, 1982.
  24. B. Davis and H. Chen. DBTaint: Cross-application Information Flow Tracking via Databases. In WebApps, pages 12--12. USENIX Association, 2010.
  25. D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Comm. of the ACM, 20 (7): 504--513, July 1977.
  26. J. Domingo-Ferrer, editor. Inference Control in Statistical Databases, From Theory to Practice, volume 2316 of LNCS, 2002. Springer.
  27. D. B. Giffin, A. Levy, D. Stefan, D. Terei, D. Mazières, J. C. Mitchell, and A. Russo. Hails: Protecting Data Privacy in Untrusted Web Applications. In OSDI, pages 47--60, 2012.
  28. J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proc. IEEE SP, pages 11--20, Apr. 1982.
  29. G. L. Guernic. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007.
  30. D. Hedin and A. Sabelfeld. A perspective on information-flow control. Proc. of the 2011 Marktoberdorf Summer School. IOS Press, 2011.
  31. N. Heintze and J. G. Riecke. The SLam Calculus: Programming with Secrecy and Integrity. In POPL, pages 365--377, 1998.
  32. Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and S.-Y. Kuo. Securing web application code by static analysis and runtime protection. In WWW, pages 40--52, 2004.
  33. A. Kennedy. Types for Units-of-Measure: Theory and Practice. In Z. Horváth, R. Plasmeijer, and V. Zsók, editors, CEFP, volume 6299 of Lecture Notes in Computer Science, pages 268--305. Springer, 2009. ISBN 978-3-642-17684-5. URL http://dblp.uni-trier.de/db/conf/cefp/cefp2009.html#Kennedy09.
  34. P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In POPL, pages 158--170, 2005.
  35. P. Li and S. Zdancewic. Practical Information-flow Control in Web-Based Information Systems. In CSFW, 2005.
  36. J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In SOSP, pages 321--334, 2009.
  37. L. Lourenço and L. Caires. Information Flow Analysis for Valued-Indexed Data Security Compartments. In TGC, 2013.
  38. A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java Information Flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
  39. A. Narayanan and V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. In IEEE Symp. on Security and Privacy, 2008.
  40. F. Pottier and V. Simonet. Information flow inference for ML. In POPL, pages 319--330. ACM, 2002.
  41. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, pages 5--19, 2003.
  42. A. Sabelfeld and A. C. Myers. A Model for Delimited Information Release. In ISSS, volume 3233 of LNCS, pages 174--191, 2003.
  43. A. Sabelfeld and D. Sands. A Per Model of Secure Information Flow in Sequential Programs. Higher Order and Symbolic Computation, 14 (1): 59--91, Mar. 2001.
  44. A. Sabelfeld and D. Sands. Declassification: Dimensions and Principles. J. Computer Security, 17 (5): 517--548, Jan. 2009.
  45. J. H. Saltzer, D. P. Reed, and D. D. Clark. End-To-End Arguments in System Design. ACM Trans. Comput. Syst., pages 277--288, 1984.
  46. D. A. Schultz and B. Liskov. IFDB: decentralized information flow control for databases. In EuroSys, pages 43--56, 2013.
  47. E. J. Schwartz, T. Avgerinos, and D. Brumley. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, pages 317--331, Washington, DC, USA, 2010. IEEE Computer Society. ISBN 978-0-7695-4035-1. 10.1109/SP.2010.26. URL http://dx.doi.org/10.1109/SP.2010.26.
  48. V. Simonet. The Flow Caml system. Software release. Located at http://cristal.inria.fr/~simonet/soft/flowcaml, 2003.
  49. N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A Language for Enforcing User-defined Security Policies. In IEEE Symp. on Security and Privacy, 2008.
  50. D. Syme. Leveraging .NET Meta-programming Components from F#: Integrated Queries and Interoperable Heterogeneous Execution. In Workshop on ML, pages 43--54. ACM, 2006.
  51. D. Volpano. Safety versus Secrecy. In Proc. Symp. on Static Analysis, volume 1694 of LNCS, pages 303--311. Springer-Verlag, Sept. 1999.
  52. D. Volpano, G. Smith, and C. Irvine. A Sound Type System for Secure Flow Analysis. J. Computer Security, 4 (3): 167--187, 1996.
  53. S. Yoshihama, T. Yoshizawa, Y. Watanabe, M. Kudo, and K. Oyanagi. Dynamic Information Flow Control Architecture for Web Applications. In ESORICS, pages 267--282, 2007.
