Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications
The authors present a system for sound static checking of security policies for database-backed web applications. The tool checks a combination of access control and information flow policies, where the policies vary based on database contents. For instance, one or more database tables may represent an access control matrix, controlling who may read or write which cells of these and other tables. Using symbolic evaluation and automated theorem-proving, the tool checks these policies statically, requiring no program annotations (beyond the policies themselves) and adding no run-time overhead. Specifications come in the form of SQL queries as policies: for instance, an application's confidentiality policy is a fixed set of queries, whose results provide an upper bound on what information may be released to the user.