Decentralized information flow control for databases

Privacy and integrity concerns have been mounting in recent years as sensitive data such asmedical records, social network records, and corporate and government secrets are increasingly being stored in online systems. The rate of high-profile breaches has illustrated that current techniques are inadequate for protecting sensitive information. Many of these breaches involve databases that handle information for a multitude of individuals, but databases don’t provide practical tools to protect those individuals from each other, so that task is relegated to the application.This dissertation describes a system that improves security in a principled way by extending the database system and the application platform to support information flow control. Information flow control has been gaining traction as a practical way to protect information in the contexts of programming languages and operating systems. Recent research advocates the decentralizedmodel for information flow control (difc), since it provides the necessary expressiveness to protect data for many individuals with varied security concerns.However, despite the fact thatmost applications implicated in breaches rely on relational databases, there havebeennoprior comprehensive attempts to extend difc to a database system. This dissertation introduces ifdb, which is a database management system that supports difc with minimal overhead. ifdb pioneers the Query by Label model, which provides applications with a simple way to delineate constraints on the confidentiality and integrity of the data they obtain from the database.This dissertation also defines new abstractions formanaging information flows in a database and proposes new ways to address covert channels. Finally, the ifdb implementation and case studies with real applications demonstrate that database support for difc improves security, is easy for developers to use, and has good performance. Thesis Supervisor: Barbara Liskov Title: Institute Professor