Numerous sensitive databases are breached every year due to bugs in applications. These applications typically handle data for many users, and consequently, they have access to large amounts of confidential information. Decentralized information flow control (DIFC) has been gaining traction as a practical way to prevent bugs in these applications from exposing information. However, many online applications use databases to store information, and there have been no prior comprehensive attempts to extend DIFC to database systems. This talk describes IFDB, the first DBMS that secures relational databases by using DIFC. I introduce the Query by Label model and new abstractions for managing information flows in a database system, such as declassifying views. IFDB also addresses several new challenges inherent in bringing DIFC to databases, including how to handle transactions and integrity constraints without introducing unexpected information leaks. The talk also discusses my experiences porting two applications to use IFDB. IFDB prevented several security bugs from leaking information, and it performs nearly as well as a system without information flow control.
Thesis Supervisor: Barbara Liskov
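To make the Query by Label idea and the declassifying-view abstraction concrete, here is an added illustration that is not part of the abstract and not IFDB's own code or syntax. It assumes a table whose rows each carry a secrecy label (a set of tags such as "alice", meaning secret to Alice), a per-query process label that decides which rows are visible, and a view that is granted its owner's authority over some tags so it can release an aggregate at a lower label. The schema, tag names, sample rows and helper names are all constructed for this example.

```python
import sqlite3

# Secrecy labels are sets of tags. A label `src` may flow to `dst` only if
# every tag in src is also in dst (src is no more secret than dst).
def flows_to(src: frozenset, dst: frozenset) -> bool:
    return src <= dst


class LabeledDB:
    """Toy relational store where every row carries a secrecy label.
    Assumed schema for illustration only; not IFDB's real layout."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE records (id INTEGER PRIMARY KEY, patient TEXT, "
            "diagnosis TEXT, label TEXT NOT NULL)"
        )

    @staticmethod
    def _enc(label: frozenset) -> str:
        return ",".join(sorted(label))

    @staticmethod
    def _dec(s: str) -> frozenset:
        return frozenset(s.split(",")) if s else frozenset()

    def insert(self, process_label, patient, diagnosis, row_label) -> None:
        # Write check: whatever the writing process knows flows into the new
        # row, so the row label must be at least as restrictive as the
        # process label, otherwise the write would be a leak.
        if not flows_to(process_label, row_label):
            raise PermissionError("row label must dominate process label")
        self.conn.execute(
            "INSERT INTO records (patient, diagnosis, label) VALUES (?, ?, ?)",
            (patient, diagnosis, self._enc(row_label)),
        )

    def select(self, process_label, patient=None):
        # Query by Label: rows whose label does not flow to the process
        # label are filtered out silently, exactly as if they were absent.
        # Raising an error instead would itself reveal that a hidden row
        # exists, which is the kind of covert leak the model must avoid.
        sql = "SELECT patient, diagnosis, label FROM records"
        params = ()
        if patient is not None:
            sql += " WHERE patient = ?"
            params = (patient,)
        sql += " ORDER BY id"
        return [
            (p, d)
            for p, d, lab in self.conn.execute(sql, params)
            if flows_to(self._dec(lab), process_label)
        ]

    def diagnosis_counts(self, process_label, authority):
        # Declassifying view (assumed semantics): the view runs with its
        # owner's authority tags added to the caller's label, so it can read
        # rows the caller could not, and returns only an aggregate whose
        # label is the caller's own label. The authority tags are thereby
        # declassified away; individual rows are never returned.
        view_label = process_label | authority
        counts = {}
        for _, diagnosis in self.select(view_label):
            counts[diagnosis] = counts.get(diagnosis, 0) + 1
        return counts


def demo():
    """Constructed sample: two patients, each row secret to its patient."""
    db = LabeledDB()
    public = frozenset()
    db.insert(public, "alice", "flu", frozenset({"alice"}))
    db.insert(public, "bob", "flu", frozenset({"bob"}))
    db.insert(public, "bob", "asthma", frozenset({"bob"}))

    alice = frozenset({"alice"})
    own_rows = db.select(alice)              # Alice sees only her own row
    probe = db.select(alice, patient="bob")  # Bob's rows vanish, no error
    # The view owner holds authority over both patients' tags and releases
    # only counts to a caller running at the public label.
    stats = db.diagnosis_counts(public, authority=frozenset({"alice", "bob"}))
    return own_rows, probe, stats
```

The two checks mirror the two directions of a DIFC flow: `insert` stops a process from writing information into a row labelled less secret than the process itself, while `select` never reports a row the process could not learn about, not even as an error. The view is where declassification is made explicit and confined to an aggregate, rather than being scattered through application code.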