Information Flow in Databases for Free

Abstract

The root cause for con dentiality and integrity attacks against computing systems is insecure information flow. The complexity of modern systems poses a major challengeto secure end-to-end information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a variety of languages and settings has been thoroughly studied in isolation, the problem of tracking information across component boundaries has been largely out of reach of the work so far. This is unsatisfactory because tracking information across component boundaries is necessary for end-to-end security. This work proposes a framework for uniform tracking of information flow through both the application and the underlying database. Key enabler of the uniform treatment is work by Cheney et al., presented at last year's ICFP, which studies database manipulation via an embedded language-integrated query language (with Microsoft's LINQ on the backend). Because both the host language and the embedded query languages are both functional F#-like languages, we are able leverage information flow enforcement for functional languages to obtain information flow control for databases \for free", synergize it with information flow control for applications and thus guarantee end-to-end security. We develop the formal results in the form of a security type system that includes a novel treatment of algebraic data types and pattern matching, and establish its soundness. On the practical side, we implement the framework and demonstrate its usefulness in a case study with a realistic movie rental database.