Proceedings of the 15th ACM Asia Conference on Computer and Communications Security 2020
DOI: 10.1145/3320269.3384759

Contextual and Granular Policy Enforcement in Database-backed Applications

Abstract: Database-backed applications rely on inlined policy checks to process users' private and confidential data in a policy-compliant manner as traditional database access control mechanisms cannot enforce complex policies. However, application bugs due to missed checks are common in such applications, which result in data breaches. While separating policy from code is a natural solution, many data protection policies specify restrictions based on the context in which data is accessed and how the data is used. Enfo…

Cited by 4 publications
(4 citation statements)
References 33 publications
“…Many IFC languages have been developed, including JIF [61], FlowCaml [72], Jeeves [78], JSFlow [54], LWeb [64], and others [5,18,20,21,25,45,47,59,60,65,71,75]. Our work builds on two ideas from this field: dynamic information-flow [4,37,67,77] [Table 3: Comparison of related work. Columns: JIF [61], FlowCaml [72], SIF [21], SELinks [25], UrFlow [18], Jeeves [78], JSFlow [54], Jacqueline [77], JSLINQ [5], Hails [45], DAISY [47], LWeb [64], Riverbed [75], Estrela [11], Lifty [65], Storm [59], WebTTC…]”
Section: Related Work (mentioning)
confidence: 99%
“…The dynamic IFC systems of Jeeves [78], Jacqueline [77], Hails [45], LWeb [64], and Estrela [11] rely on policies defined at the datamodel level. Hails [45] and LWeb [64] are based on Haskell monads, Estrela [11] on modifying database queries, and Jeeves [78] and Jacqueline [77] on a custom 𝜆 calculus.…”
Section: Related Work (mentioning)
confidence: 99%
“…However, a large gap remains between designs and the concrete system implementations. In contrast, approaches for enforcing data-usage policies [19,62] focus on the enforcement mechanism, making the policy statement implementation dependent and hence not a design artifact. Finally, there are approaches that do not propose any technical means for achieving privacy-by-design, but rather report on experiences [39], analyze regulations [6], or exclusively work with system design models [5].…”
Section: Introduction (mentioning)
confidence: 99%