dc.contributor.author: Yang, Jean
dc.contributor.author: Hance, Travis
dc.contributor.author: Austin, Thomas H.
dc.contributor.author: Flanagan, Cormac
dc.contributor.author: Chong, Stephen
dc.contributor.author: Solar Lezama, Armando
dc.date.accessioned: 2017-12-29T19:45:12Z
dc.date.available: 2017-12-29T19:45:12Z
dc.date.issued: 2016-06
dc.identifier.isbn: 978-1-4503-4261-2
dc.identifier.uri: http://hdl.handle.net/1721.1/112990
dc.description.abstract: We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational database implementations, and scales for realistic applications. In this paper, we present a programming model that factors out information flow policies from application code and database queries, a dynamic semantics for the underlying $^JDB$ core language, and proofs of termination-insensitive non-interference and policy compliance for the semantics. We implement these ideas in Jacqueline, a Python web framework, and demonstrate feasibility through three application case studies: a course manager, a health record system, and a conference management system used to run an academic workshop. We show that in comparison to traditional applications with hand-coded policy checks, Jacqueline applications have 1) a smaller trusted computing base, 2) fewer lines of policy code, and 3) reasonable, often negligible, additional overheads. Keywords: Web frameworks, information flow [en_US]
dc.description.sponsorship: Facebook (Fellowship) [en_US]
dc.description.sponsorship: Levine (Fellowship) [en_US]
dc.description.sponsorship: Qatar Computing Research Institute [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (Grant 1054172) [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-1139056) [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-1337278) [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-1421016) [en_US]
dc.language.iso: en_US
dc.publisher: Association for Computing Machinery [en_US]
dc.relation.isversionof: http://dx.doi.org/10.1145/2908080.2908098 [en_US]
dc.rights: Creative Commons Attribution-Noncommercial-Share Alike [en_US]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-sa/4.0/ [en_US]
dc.source: arXiv [en_US]
dc.title: Precise, dynamic information flow for database-backed applications [en_US]
dc.type: Article [en_US]
dc.identifier.citation: Yang, Jean, et al. "Precise, Dynamic Information Flow for Database-Backed Applications." Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, 13-17 June 2016, Santa Barbara, CA, ACM Press, 2016, pp. 631–47. [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science [en_US]
dc.contributor.mitauthor: Solar Lezama, Armando
dc.relation.journal: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI 2016 [en_US]
dc.eprint.version: Original manuscript [en_US]
dc.type.uri: http://purl.org/eprint/type/ConferencePaper [en_US]
eprint.status: http://purl.org/eprint/status/NonPeerReviewed [en_US]
dspace.orderedauthors: Yang, Jean; Hance, Travis; Austin, Thomas H.; Solar-Lezama, Armando; Flanagan, Cormac; Chong, Stephen [en_US]
dspace.embargo.terms: N [en_US]
dc.identifier.orcid: https://orcid.org/0000-0001-7604-8252
mit.license: OPEN_ACCESS_POLICY [en_US]