Static checking of dynamically-varying security policies in database-backed applications

Author(s)

Chlipala, Adam

Abstract

We present a system for sound static checking of security policies for database-backed Web applications. Our tool checks a combination of access control and information flow policies, where the policies vary based on database contents. For instance, one or more database tables may represent an access control matrix, controlling who may read or write which cells of these and other tables. Using symbolic evaluation and automated theorem-proving, our tool checks these policies statically, requiring no program annotations (beyond the policies themselves) and adding no run-time overhead. Specifications come in the form of SQL queries as policies: for instance, an application's confidentiality policy is a fixed set of queries, whose results provide an upper bound on what information may be released to the user. To provide user-dependent policies, we allow queries to depend on what secrets the user knows. We have used our prototype implementation to check several programs representative of the data-centric Web applications that are common today.

Date issued

2010-10

URI

https://hdl.handle.net/1721.1/129993

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010

Publisher

USENIX Association

Citation

Chlipala, Adam. “Static checking of dynamically-varying security policies in database-backed applications.” Paper in the Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010, Vancouver, BC, October 4-6 2010, USENIX Association: 105–118 © 2010 The Author(s)

Version: Author's final manuscript

ISBN

9781931971799