IFDB: Decentralized information flow control for databases

Proceedings of the 8th ACM European Conference on Computer Systems, EuroSys 2013

Volumn , Issue , 2013, Pages 43-56

  Schultz, David ^a,b   Liskov, Barbara ^b  

^a GOOGLE INC   (United States)

^b MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

DIFC; information flow control

Indexed keywords

APPLICATION ENVIRONMENT; CONFIDENTIAL INFORMATION; DECENTRALIZED INFORMATION FLOW CONTROL; DIFC; INFORMATION FLOW CONTROL; INFORMATION FLOWS; INTEGRITY CONSTRAINTS; RELATIONAL DATABASE;

FLOW CONTROL; NETWORK SECURITY; QUERY PROCESSING; WORLD WIDE WEB;

DATABASE SYSTEMS;

EID: 84877710608     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2465351.2465357     Document Type: Conference Paper

References (36)

1. A. Askarov, D. Zhang, and A. Myers. Predictive black-box mitigation of timing channels. In Proc. CCS, New York, NY, 2010. ACM.
2. D. Bell and L. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, MITRE Corp. MTR-2997, Bedford, MA, 1975.
3. R. Bond, K. See, C. Wong, and Y.-K. Chan. Understanding DB2 9 Security, chapter 6. IBM Press, Indianopolis, IN, 1st edition.
4. J. Bonneau. New Facebook photo hacks. In Light Blue Touchpaper. University of Cambridge Computer Laboratory, May 20, 2009. http://www. lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks/.
5. R. Chen, N. Mohammed, B. Fung, B. Desai, and L. Xiong. Publishing set-valued data via differential privacy. Proc. VLDB, 4(11), Aug. 2011.
6. W. Cheng, D. Ports, D. Schultz, V. Popic, A. Blankstein, J. Cowling, D. Curtis, L. Shrira, and B. Liskov. Abstractions for usable information flow control in Aeolus. In Proc. USENIX ATC, Boston, MA, June 2012.
7. A. Chlipala. Static checking of dynamically-varying security policies in database-backed applications. In Proc. OSDI, Oct. 2010.
8. S. Chong, K. Vikram, and A. Myers. Sif: Enforcing confidentiality and integrity in web applications. In Proc. USENIX Security, Boston, MA, Aug. 2007.
9. D. Denning. A lattice model of secure information flow. Commun. ACM, 19, May 1976.
10. C. Dwork. Differential privacy: A survey of results. In Proc TAMC, Berlin, Heidelberg, 2008. Springer.
11. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In Proc. SOSP, Brighton, UK, 2005. ACM.
12. A. Futoransky, D. Saura, and A. Waissbein. The ND2DB attack: Database content extraction using timing attacks on the indexing algorithms. In WOOT, Boston, MA, Aug. 2007. USENIX Association.
13. M. Hay, V. Rastogi, G. Miklau, and D. Suciu. Boosting the accuracy of differentially private histograms through consistency. Proc. VLDB, 3(1-2), Sept. 2010.
14. B. Hull, V. Bychkovsky, Y. Zhang, K. Chen, M. Goraczko, A. K. Miu, E. Shih, H. Balakrishnan, and S. Madden. CarTel: A distributed mobile sensor computing system. In SenSys, Boulder, CO, November 2006. ACM.
15. S. Jeloka et al. Oracle Label Security Administrator's Guide, 11g Release 2 (11.2). Oracle Corporation, 2009.
16. P. Karger and J. Wray. Storage channels in disk arm optimization. In Proc. Security and Privacy. IEEE, May 1991.
17. E. Kohler. Hot crap! In Proc. WOWCS, Berkeley, CA, 2008. USENIX.
18. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, F. Kaashoek, E. Kohler, and R. Morris. Information flow control for standard OS abstractions. In Proc. SOSP, New York, NY, 2007. ACM.
19. P. Li and S. Zdancewic. Practical information-flow control in web-based information systems. In Proc. CSFW. IEEE, 2005.
20. Y. Liu, D. Ghosal, F. Armknecht, A.-R. Sadeghi, S. Schulz, and S. Katzenbeisser. Hide and seek in time: Robust covert timing channels. In Proc. ESORICS, Berlin, Heidelberg, 2009. Springer.
21. T. F. Lunt, D. E. Denning, R. R. Schell, M. Heckman, and W. R. Shockley. The SeaView security model. IEEE Trans. Softw. Eng., 16, June 1990.
22. A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data, 1, March 2007.
23. T. Murphy. Security glitch exposes WellPoint customers' financial, medical data. USA Today, June 29, 2010. URL http://www.usatoday.com/money/ industries/health/2010-06-29-wellpoint-data-breach-N.htm.
24. A. Myers. JFlow: practical mostly-static information flow control. In POPL 1999, San Antonio, TX, Jan. 1999. ACM.
25. A. Myers and B. Liskov. A decentralized model for information flow control. In Proc. SOSP, Saint-Malo, France, 1997. ACM.
26. PostgreSQL Global Development Group. PostgreSQL 9.1 Documentation, Sept. 2011. http://www.postgresql.org/docs/9.1/static/.
27. J. Saltzer and M. Schroeder. The protection of information in computer systems. In Proc SOSP, Yorktown Heights, NY, Oct. 1973.
28. R. Sandhu and S. Jajodia. Polyinstantation for cover stories. In Proc. ESORICS. Springer, 1992.
29. D. Schultz. Decentralized Information Flow Control for Databases. Ph.D., MIT, Cambridge, MA, Aug. 2012.
30. N. Schwartz and E. Dash. Thieves found Citigroup site an easy entry. The New York Times, June 13, 2011. URL https: //www.nytimes.com/2011/06/14/ technology/14security.html.
31. K. Smith and M. Winslett. Entity modeling in the MLS relational model. In Proc. VLDB, San Francisco, CA, 1992. Morgan Kaufmann.
32. L. Sweeney. k -anonymity: A model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst., 10, Oct. 2002.
33. Sybase, Inc. Final Evaluation Report: SQL Server Version 11.0.6 and Secure SQL Server Version 11.0.6, chapter 5: Security Architecture. National Computer Security Center, Ft. Meade, MD, Mar. 1997.
34. TPC Benchmark W (Web Commerce) Specification. Transaction Processing Performance Council, San Jose, CA, 1.8 edition, February 2000.
35. TPC Benchmark C Specification. Transaction Processing Performance Council, San Jose, CA, 5.11 edition, February 2010.
36. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proc. OSDI, Berkeley, CA, 2006. USENIX.