Precise, Dynamic Information Flow for Database-Backed Applications
Jean Yang, Travis Hance, Thomas H. Austin, Armando Solar-Lezama, Cormac Flanagan, Stephen Chong

TL;DR
This paper introduces a dynamic information flow control approach for database-backed applications that reduces policy code, provides formal guarantees, and is practical for real-world use, demonstrated through a Python framework and case studies.
Contribution
It presents a programming model and formal semantics for dynamic information flow control that separates policies from application code and integrates with existing databases.
Findings
Jacqueline reduces policy code and trusted base
Applications show minimal performance overhead
Formal guarantees of security properties are proven
Abstract
We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational database implementations, and scales for realistic applications. In this paper, we present a programming model that factors out information flow policies from application code and database queries, a dynamic semantics for the underlying $\lambda^{JDB}$ core language, and proofs of termination-insensitive non-interference and policy compliance for the semantics. We implement these ideas in Jacqueline, a Python web framework, and demonstrate feasibility through three application case studies: a course manager, a health record system, and a conference management system used to run an academic workshop. We show that in comparison to traditional…
