IFDB: Decentralized Information Flow Control for Databases
Numerous sensitive databases are breached every year due to bugs in applications. These applications typically handle data for many users, and consequently, they have access to large amounts of confidential information. This paper describes IFDB, a DBMS that secures databases by using decentralized...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | en_US |
| Published: |
Association for Computing Machinery (ACM)
2014
|
| Online Access: | http://hdl.handle.net/1721.1/90268 https://orcid.org/0000-0002-5914-1866 |
| _version_ | 1826190580384792576 |
|---|---|
| author | Schultz, David Liskov, Barbara H. |
| author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
| author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Schultz, David Liskov, Barbara H. |
| author_sort | Schultz, David |
| collection | MIT |
| description | Numerous sensitive databases are breached every year due to bugs in applications. These applications typically handle data for many users, and consequently, they have access to large amounts of confidential information.
This paper describes IFDB, a DBMS that secures databases by using decentralized information flow control (DIFC). We present the Query by Label model, which introduces new abstractions for managing information flows in a relational database. IFDB also addresses several challenges inherent in bringing DIFC to databases, including how to handle transactions and integrity constraints without introducing covert channels.
We implemented IFDB by modifying PostgreSQL, and extended two application environments, PHP and Python, to provide a DIFC platform. IFDB caught several security bugs and prevented information leaks in two web applications we ported to the platform. Our evaluation shows that IFDB's throughput is as good as PostgreSQL for a real web application, and about 1% lower for a database benchmark based on TPC-C. |
| first_indexed | 2024-09-23T08:42:31Z |
| format | Article |
| id | mit-1721.1/90268 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T08:42:31Z |
| publishDate | 2014 |
| publisher | Association for Computing Machinery (ACM) |
| record_format | dspace |
| spelling | mit-1721.1/902682022-09-23T13:59:22Z IFDB: Decentralized Information Flow Control for Databases Schultz, David Liskov, Barbara H. Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Schultz, David Liskov, Barbara H. Numerous sensitive databases are breached every year due to bugs in applications. These applications typically handle data for many users, and consequently, they have access to large amounts of confidential information. This paper describes IFDB, a DBMS that secures databases by using decentralized information flow control (DIFC). We present the Query by Label model, which introduces new abstractions for managing information flows in a relational database. IFDB also addresses several challenges inherent in bringing DIFC to databases, including how to handle transactions and integrity constraints without introducing covert channels. We implemented IFDB by modifying PostgreSQL, and extended two application environments, PHP and Python, to provide a DIFC platform. IFDB caught several security bugs and prevented information leaks in two web applications we ported to the platform. Our evaluation shows that IFDB's throughput is as good as PostgreSQL for a real web application, and about 1% lower for a database benchmark based on TPC-C. 2014-09-22T18:26:38Z 2014-09-22T18:26:38Z 2013-04 Article http://purl.org/eprint/type/ConferencePaper 9781450319942 http://hdl.handle.net/1721.1/90268 David Schultz and Barbara Liskov. 2013. IFDB: decentralized information flow control for databases. In Proceedings of the 8th ACM European Conference on Computer Systems (EuroSys '13). ACM, New York, NY, USA, 43-56. https://orcid.org/0000-0002-5914-1866 en_US http://dx.doi.org/10.1145/2465351.2465357 Proceedings of the 8th ACM European Conference on Computer Systems (EuroSys '13) Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf Association for Computing Machinery (ACM) MIT web domain |
| spellingShingle | Schultz, David Liskov, Barbara H. IFDB: Decentralized Information Flow Control for Databases |
| title | IFDB: Decentralized Information Flow Control for Databases |
| title_full | IFDB: Decentralized Information Flow Control for Databases |
| title_fullStr | IFDB: Decentralized Information Flow Control for Databases |
| title_full_unstemmed | IFDB: Decentralized Information Flow Control for Databases |
| title_short | IFDB: Decentralized Information Flow Control for Databases |
| title_sort | ifdb decentralized information flow control for databases |
| url | http://hdl.handle.net/1721.1/90268 https://orcid.org/0000-0002-5914-1866 |
| work_keys_str_mv | AT schultzdavid ifdbdecentralizedinformationflowcontrolfordatabases AT liskovbarbarah ifdbdecentralizedinformationflowcontrolfordatabases |