Information Flow in Databases for Free

Master Thesis

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/198371
Type: Master Thesis
Title: Information Flow in Databases for Free
Authors: Schoepe, Daniel
Abstract: The root cause for confidentiality and integrity attacks against computing systems is insecure information flow. The complexity of modern systems poses a major challenge to secure end-to-end information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a variety of languages and settings has been thoroughly studied in isolation, the problem of tracking information across component boundaries has been largely out of reach of the work so far. This is unsatisfactory because tracking information across component boundaries is necessary for end-to-end security. This work proposes a framework for uniform tracking of information flow through both the application and the underlying database. A key enabler of the uniform treatment is work by Cheney et al., presented at last year's ICFP, which studies database manipulation via an embedded language-integrated query language (with Microsoft's LINQ on the backend). Because both the host language and the embedded query languages are functional F#-like languages, we are able to leverage information flow enforcement for functional languages to obtain information flow control for databases "for free", synergize it with information flow control for applications and thus guarantee end-to-end security. We develop the formal results in the form of a security type system that includes a novel treatment of algebraic data types and pattern matching, and establish its soundness. On the practical side, we implement the framework and demonstrate its usefulness in a case study with a realistic movie rental database.
Keywords: Computer and Information Science; Information & Communication Technology
Issue Date: 2014
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik, Datavetenskap (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering, Computing Science (Chalmers)
URI: https://hdl.handle.net/20.500.12380/198371
Collection: Master Theses