kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Disjunctive Policies for Database-Backed Programs
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.ORCID iD: 0000-0001-6005-5992
2024 (English)In: 2024 IEEE 37TH Computer Security Foundations Symposium, CSF 2024, Institute of Electrical and Electronics Engineers (IEEE) , 2024, p. 388-402Conference paper, Published paper (Refereed)
Abstract [en]

When specifying security policies for databases, it is often natural to formulate disjunctive dependencies, where a piece of information may depend on at most one of two dependencies P-1 or P-2, but not both. A formal semantic model of such disjunctive dependencies, the Quantale of Information, was recently introduced by Hunt and Sands as a generalization of the Lattice of Information. In this paper, we seek to contribute to the understanding of disjunctive dependencies in database-backed programs and introduce a practical framework to statically enforce disjunctive security policies. To that end, we introduce the Determinacy Quantale, a new query-based structure which captures the ordering of disjunctive information in databases. This structure can be understood as a query-based counterpart to the Quantale of Information. Based on this structure, we design a sound enforcement mechanism to check disjunctive policies for database-backed programs. This mechanism is based on a type-based analysis for a simple imperative language with database queries, which is precise enough to accommodate a variety of row- and column-level database policies flexibly while keeping track of disjunctions due to control flow. We validate our mechanism by implementing it in a tool, DIVERT, and demonstrate its feasibility on a number of use cases.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE) , 2024. p. 388-402
Series
Proceedings IEEE Computer Security Foundations Symposium, ISSN 1940-1434
National Category
Computer Sciences Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-356018DOI: 10.1109/CSF61375.2024.00017ISI: 001322679500026Scopus ID: 2-s2.0-85205942253OAI: oai:DiVA.org:kth-356018DiVA, id: diva2:1912036
Conference
37th IEEE Computer Security Foundations Symposium (CSF), JUL 08-12, 2024, Enschede, NETHERLANDS
Note

Part of ISBN 979-8-3503-6204-6, 979-8-3503-6203-9

QC 20241111

Available from: 2024-11-11 Created: 2024-11-11 Last updated: 2024-11-11Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Ahmadian, Amir M.Soloviev, MatveyBalliu, Musard

Search in DiVA

By author/editor
Ahmadian, Amir M.Soloviev, MatveyBalliu, Musard
By organisation
Theoretical Computer Science, TCS
Computer SciencesComputer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 89 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf