Thesis defense: Decentralized Information Flow Control for Databases
Speaker: David Schultz , MIT CSAIL
Date: July 10 2012
Time: 2:00PM to 3:00PM
Location: 32-G449 (Kiva)
Contact: David Schultz, das@csail.mit.edu
Numerous sensitive databases are breached every year due to bugs in applications. These applications typically handle data for many users, and consequently, they have access to large amounts of confidential information. Decentralized information flow control (DIFC) has been gaining traction as a practical way to prevent
bugs in these applications from exposing information. However, many online applications use databases to store information, and there have been no prior comprehensive attempts to extend DIFC to database systems.
This talk describes IFDB, the first DBMS that secures relational databases by using DIFC. I introduce the Query by Label model and new abstractions for managing information flows in a database system, such as declassifying views. IFDB also addresses several new challenges inherent in bringing DIFC to databases, including how to handle transactions and integrity constraints without introducing unexpected information leaks. The talk also discusses my experiences porting two
applications to use IFDB. IFDB prevented several security bugs from
leaking information, and it performs nearly as well as a system without information flow control.
Thesis supervisor: Barbara Liskov
Thesis committee: Sam Madden and Nickolai Zeldovich
See other events that are part of
See other events happening in July 2012
