Cryptographically Secure Information Flow Control on Key-Value Stores

TL;DR

Clio is a cryptographically secure information flow control system for key-value stores that automatically enforces confidentiality and integrity policies, ensuring security without burdening developers with cryptographic details.

Contribution

It introduces Clio, a novel IFC system that seamlessly integrates cryptography, with a new security proof technique and a practical prototype demonstrating its effectiveness.

Findings

Clio guarantees security based on cryptographic proofs.

The prototype demonstrates Clio's practicality in real-world scenarios.

Clio simplifies secure data management for developers.

Abstract

We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together with standard programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.