DOI: 10.1145/2628136.2628151 (research article, ICFP conference proceedings)

SeLINQ: tracking information across application-database boundaries

Published: 19 August 2014

Abstract

The root cause for confidentiality and integrity attacks against computing systems is insecure information flow. The complexity of modern systems poses a major challenge to secure end-to-end information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a variety of languages and settings has been thoroughly studied in isolation, the problem of tracking information across component boundaries has been largely out of reach of the work so far. This is unsatisfactory because tracking information across component boundaries is necessary for end-to-end security.
This paper proposes a framework for uniform tracking of information flow through both the application and the underlying database. A key enabler of the uniform treatment is recent work by Cheney et al. [16], which studies database manipulation via an embedded language-integrated query language (with Microsoft's LINQ on the backend). Because both the host language and the embedded query language are functional F#-like languages, we are able to leverage information-flow enforcement for functional languages to obtain information-flow control for databases "for free", synergize it with information-flow control for applications, and thus guarantee security across application-database boundaries. We develop the formal results in the form of a security type system that includes a treatment of algebraic data types and pattern matching, and establish its soundness. On the practical side, we implement the framework and demonstrate its usefulness in a case study with a realistic movie rental database.
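To make the abstract's central idea concrete, the following Python model is an added illustration, not code from the paper or from the SeLINQ implementation. It shows a security type system over a tiny LINQ-style query language: table columns carry confidentiality labels from a two-point lattice, the checker computes a label for every query and host-language expression, and a program is rejected if secret data would reach a public sink. Two cases a practitioner should notice are covered: filtering rows by a secret column makes every surviving column secret (an implicit flow through the query), and pattern matching on a secret option value makes the match result secret even when both branches compute public values. The schema, the labels, the query and match forms, and the names Table/Where/Select/Field/Match are assumptions chosen for this example; SeLINQ's actual syntax, lattice and typing rules differ.

```python
"""Toy information-flow type checker for a LINQ-style query language (added example).

Lattice: L (public) <= H (secret). Column labels in SCHEMA are the policy; the
checker computes the label of every expression and rejects a program that sends
H-labelled data to an L-labelled sink. All names below are constructed for the
example and are not SeLINQ's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

L, H = "L", "H"


def join(a: str, b: str) -> str:
    """Least upper bound in the two-point lattice."""
    return H if H in (a, b) else L


def flows_to(src: str, dst: str) -> bool:
    """Is a flow from label src to label dst permitted?"""
    return src == L or dst == H


# Constructed schema (assumption): a slice of a movie-rental database with
# per-column confidentiality labels.
SCHEMA: Dict[str, Dict[str, str]] = {
    "customer": {"customer_id": L, "first_name": L, "email": H, "credit_card": H},
    "rental":   {"rental_id": L, "customer_id": L, "rental_date": L},
}

# ---- query language (hypothetical, LINQ-flavoured) --------------------------
@dataclass
class Table:                 # `db.customer`: rows carry the schema's labels
    name: str


@dataclass
class Where:                 # `where row.column = <constant>`
    source: "Query"
    column: str
    const_label: str = L     # label of the constant being compared against


@dataclass
class Select:                # `select {col1; col2}`: keep a subset of columns
    source: "Query"
    columns: List[str]


Query = Union[Table, Where, Select]
RowType = Dict[str, str]     # column name -> label

# ---- scalar expressions in the host language -------------------------------
@dataclass
class Const:
    label: str = L


@dataclass
class Field:                 # read one (possibly absent, hence option-typed) column
    source: Query
    column: str


@dataclass
class Match:                 # `match opt with Some x -> e1 | None -> e2`
    scrutinee: "Scalar"
    some_branch: "Scalar"
    none_branch: "Scalar"


Scalar = Union[Const, Field, Match]


def type_query(q: Query) -> RowType:
    """Per-column label of the rows a query produces."""
    if isinstance(q, Table):
        return dict(SCHEMA[q.name])
    if isinstance(q, Where):
        row = type_query(q.source)
        # Which rows survive depends on q.column and the constant, so that
        # label is joined into every remaining column: an implicit flow.
        guard = join(row[q.column], q.const_label)
        return {col: join(lbl, guard) for col, lbl in row.items()}
    if isinstance(q, Select):
        row = type_query(q.source)
        return {col: row[col] for col in q.columns}
    raise TypeError(f"unknown query form {q!r}")


def type_scalar(e: Scalar) -> str:
    """Label of a host-language expression."""
    if isinstance(e, Const):
        return e.label
    if isinstance(e, Field):
        return type_query(e.source)[e.column]
    if isinstance(e, Match):
        # The branch taken reveals the scrutinee's constructor, so the result is
        # at least as secret as the scrutinee, plus whatever the branches compute.
        return join(type_scalar(e.scrutinee),
                    join(type_scalar(e.some_branch), type_scalar(e.none_branch)))
    raise TypeError(f"unknown scalar form {e!r}")


def check_sink(expr, sink_label: str) -> bool:
    """True iff sending `expr` to a sink labelled `sink_label` respects the policy."""
    if isinstance(expr, (Table, Where, Select)):
        return all(flows_to(lbl, sink_label) for lbl in type_query(expr).values())
    return flows_to(type_scalar(expr), sink_label)


if __name__ == "__main__":
    names = Select(Table("customer"), ["first_name"])
    print("public names -> public sink:", check_sink(names, L))            # True
    by_email = Select(Where(Table("customer"), "email"), ["customer_id"])
    print("ids filtered by email -> public sink:", check_sink(by_email, L))  # False
    print("ids filtered by email -> secret sink:", check_sink(by_email, H))  # True
    has_card = Match(Field(Table("customer"), "credit_card"), Const(L), Const(L))
    print("match on secret option -> public sink:", check_sink(has_card, L))  # False
```

The third case is the one that distinguishes cross-boundary tracking from checking the application alone: `customer_id` is public in the schema, yet the rows that reach the application were chosen by a comparison on the secret `email` column, so the checker labels the result secret before it ever leaves the query.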

References

[1]
SPARKAda Examiner. Software release. http://www.praxis-his.com/sparkada/.
[2]
OWASP Top 10: Ten Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Top_10_2013-Top_10/, 2013. Accessed: 2014-02-20.
[3]
BNF Converter. http://bnfc.digitalgrammars.com/, 2014. Accessed: 2014-02-20.
[4]
Google Web Toolkit. http://www.gwtproject.org/, 2014. Accessed: 2014-02-20.
[5]
LINQ (Language-Integrated Query). http://msdn.microsoft.com/en-us/library/bb397926.aspx, 2014. Accessed: 2014-02-20.
[6]
Privileges Provided by MySQL. https://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html, 2014. Accessed: 2014-02-20.
[7]
Database Roles and Privileges. http://www.postgresql.org/docs/9.0/static/user-manag.html, 2014. Accessed: 2014-02-20.
[8]
Authorization and Permissions in SQL Server. http://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx, 2014. Accessed: 2014-02-20.
[9]
Internet Movie Database. http://www.imdb.com/, 2014. Accessed: 2014-02-20.
[10]
PostgreSQL sample database. http://www.postgresqltutorial.com/postgresql-sample-database/, 2014. Accessed: 2014-02-20.
[11]
Ruby on Rails. http://rubyonrails.org/, 2014. Accessed: 2014-02-20.
[12]
I. G. Baltopoulos and A. D. Gordon. Secure compilation of a multi-tier web language. In TLDI, pages 27--38, 2009.
[13]
N. Bielova. Survey on JavaScript security policies and their enforcement mechanisms in a web browser. J. Log. Algebr. Program., pages 243--262, 2013.
[14]
A. Birgisson, A. Russo, and A. Sabelfeld. Unifying Facets of Information Integrity. In ICISS, pages 48--65, 2010.
[15]
L. Caires, J. A. Pérez, J. a. C. Seco, H. T. Vieira, and L. Ferrío. Type-Based Access Control in Data-Centric Systems. In ESOP, pages 136--155, 2011.
[16]
J. Cheney, S. Lindley, and P. Wadler. A practical theory of language-integrated query. In ICFP, pages 403--416. ACM, 2013.
[17]
G. Chinis, P. Pratikakis, S. Ioannidis, and E. Athanasopoulos. Practical information flow for legacy web applications. In ICOOOLPS, pages 17--28, 2013.
[18]
A. Chlipala. Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications. In OSDI, pages 105--118, 2010.
[19]
S. Chong, K. Vikram, and A. C. Myers. SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proc. USENIX Security Symposium, pages 1--16, Aug. 2007.
[20]
S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Building secure web applications with automatic partitioning. Commun. ACM, 52 (2): 79--87, 2009. 10.1145/1461928.1461949.
[21]
E. Cooper, S. Lindley, P. Wadler, and J. Yallop. Links: Web Programming Without Tiers. In FMCO, pages 266--296, 2006.
[22]
B. J. Corcoran, N. Swamy, and M. W. Hicks. Cross-tier, label-based security enforcement for web applications. In SIGMOD Conference, pages 269--282, 2009.
[23]
L. Damas and R. Milner. Principal type-schemes for functional programs. In POPL, pages 207--212. ACM, 1982.
[24]
B. Davis and H. Chen. DBTaint: Cross-application Information Flow Tracking via Databases. In WebApps, pages 12--12. USENIX Association, 2010.
[25]
D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Comm. of the ACM, 20 (7): 504--513, July 1977.
[26]
J. Domingo-Ferrer, editor. Inference Control in Statistical Databases, From Theory to Practice, volume 2316 of LNCS, 2002. Springer.
[27]
D. B. Giffin, A. Levy, D. Stefan, D. Terei, D. Mazières, J. C. Mitchell, and A. Russo. Hails: Protecting Data Privacy in Untrusted Web Applications. In OSDI, pages 47--60, 2012.
[28]
J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proc. IEEE SP, pages 11--20, Apr. 1982.
[29]
G. L. Guernic. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007.
[30]
D. Hedin and A. Sabelfeld. A perspective on information-flow control. Proc. of the 2011 Marktoberdorf Summer School. IOS Press, 2011.
[31]
N. Heintze and J. G. Riecke. The SLam Calculus: Programming with Secrecy and Integrity. In POPL, pages 365--377, 1998.
[32]
Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D.-T. Lee, and S.-Y. Kuo. Securing web application code by static analysis and runtime protection. In WWW, pages 40--52, 2004.
[33]
A. Kennedy. Types for Units-of-Measure: Theory and Practice. In Z. Horváth, R. Plasmeijer, and V. Zsók, editors, CEFP, volume 6299 of Lecture Notes in Computer Science, pages 268--305. Springer, 2009. ISBN 978-3-642-17684-5. URL http://dblp.uni-trier.de/db/conf/cefp/cefp2009.html#Kennedy09.
[34]
P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In POPL, pages 158--170, 2005.
[35]
P. Li and S. Zdancewic. Practical Information-flow Control in Web-Based Information Systems. In CSFW, 2005.
[36]
J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In SOSP, pages 321--334, 2009.
[37]
L. Lourenço and L. Caires. Information Flow Analysis for Valued-Indexed Data Security Compartments. In TGC, 2013.
[38]
A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java Information Flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
[39]
A. Narayanan and V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. In IEEE Symp. on Security and Privacy, 2008.
[40]
F. Pottier and V. Simonet. Information flow inference for ML. In POPL, pages 319--330. ACM, 2002.
[41]
A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, pages 5--19, 2003.
[42]
A. Sabelfeld and A. C. Myers. A Model for Delimited Information Release. In ISSS, volume 3233 of LNCS, pages 174--191, 2003.
[43]
A. Sabelfeld and D. Sands. A Per Model of Secure Information Flow in Sequential Programs. Higher Order and Symbolic Computation, 14 (1): 59--91, Mar. 2001.
[44]
A. Sabelfeld and D. Sands. Declassification: Dimensions and Principles. J. Computer Security, 17 (5): 517--548, Jan. 2009.
[45]
J. H. Saltzer, D. P. Reed, and D. D. Clark. End-To-End Arguments in System Design. ACM Trans. Comput. Syst., pages 277--288, 1984.
[46]
D. A. Schultz and B. Liskov. IFDB: decentralized information flow control for databases. In EuroSys, pages 43--56, 2013.
[47]
E. J. Schwartz, T. Avgerinos, and D. Brumley. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, pages 317--331, Washington, DC, USA, 2010. IEEE Computer Society. ISBN 978-0-7695-4035-1. 10.1109/SP.2010.26. URL http://dx.doi.org/10.1109/SP.2010.26.
[48]
V. Simonet. The Flow Caml system. Software release. Located at http://cristal.inria.fr/~simonet/soft/flowcaml, 2003.
[49]
N. Swamy, B. J. Corcoran, and M. Hicks. Fable: A Language for Enforcing User-defined Security Policies. In IEEE Symp. on Security and Privacy, 2008.
[50]
D. Syme. Leveraging .NET Meta-programming Components from F#: Integrated Queries and Interoperable Heterogeneous Execution. In Workshop on ML, pages 43--54. ACM, 2006.
[51]
D. Volpano. Safety versus Secrecy. In Proc. Symp. on Static Analysis, volume 1694 of LNCS, pages 303--311. Springer-Verlag, Sept. 1999.
[52]
D. Volpano, G. Smith, and C. Irvine. A Sound Type System for Secure Flow Analysis. J. Computer Security, 4 (3): 167--187, 1996.
[53]
S. Yoshihama, T. Yoshizawa, Y. Watanabe, M. Kudo, and K. Oyanagi. Dynamic Information Flow Control Architecture for Web Applications. In ESORICS, pages 267--282, 2007.


Published In

ICFP '14: Proceedings of the 19th ACM SIGPLAN international conference on Functional programming
August 2014
390 pages
ISBN: 9781450328739
DOI: 10.1145/2628136

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 19 August 2014

Author Tags

  1. end-to-end security
  2. information flow
  3. language-integrated queries
  4. static analysis

Qualifiers

  • Research-article

Conference

ICFP'14

Acceptance Rates

ICFP '14 Paper Acceptance Rate: 28 of 85 submissions, 33%
Overall Acceptance Rate: 333 of 1,064 submissions, 31%

Cited By

  • (2023) Access Control for Database Applications: Beyond Policy Enforcement. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, pp. 223-230. DOI: 10.1145/3593856.3595905. Online publication date: 22-Jun-2023.
  • (2023) Generalized Policy-Based Noninterference for Efficient Confidentiality-Preservation. Proceedings of the ACM on Programming Languages 7:PLDI, pp. 267-291. DOI: 10.1145/3591231. Online publication date: 6-Jun-2023.
  • (2023) RuleKeeper: GDPR-Aware Personal Data Compliance for Web Frameworks. 2023 IEEE Symposium on Security and Privacy (SP), pp. 2817-2834. DOI: 10.1109/SP46215.2023.10179395. Online publication date: May-2023.
  • (2022) Information Flow Control in Software DB Units Based on Formal Verification. Programming and Computer Software 48:4, pp. 265-285. DOI: 10.1134/S0361768822040053. Online publication date: 18-Jul-2022.
  • (2021) Language Support for Secure Software Development with Enclaves. 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1-16. DOI: 10.1109/CSF51468.2021.00037. Online publication date: Jun-2021.
  • (2020) Language-Based Web Session Integrity. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF), pp. 107-122. DOI: 10.1109/CSF49147.2020.00016. Online publication date: Jun-2020.
  • (2019) Riverbed. Proceedings of the 16th USENIX Conference on Networked Systems Design and Implementation, pp. 615-629. DOI: 10.5555/3323234.3323285. Online publication date: 26-Feb-2019.
  • (2019) Language-integrated privacy-aware distributed queries. Proceedings of the ACM on Programming Languages 3:OOPSLA, pp. 1-30. DOI: 10.1145/3360593. Online publication date: 10-Oct-2019.
  • (2019) LWeb: information flow security for multi-tier web applications. Proceedings of the ACM on Programming Languages 3:POPL, pp. 1-30. DOI: 10.1145/3290388. Online publication date: 2-Jan-2019.
  • (2019) Information-Flow Control for Database-Backed Applications. 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 79-94. DOI: 10.1109/EuroSP.2019.00016. Online publication date: Jun-2019.