This paper presents SELinks, an extension of the Links web programming language, that allows a database and web server to collaboratively enforce a security policy with high assurance. Our approach has a number of benefits. First, the relationship between data and its security label is made explicit by the SELinks type system, which allows the compiler to ensure that a policy is always correctly enforced. Next, application-specific logic is communicated seamlessly to the database by compiling SELinks code and values to user-defined functions and custom datatypes, respectively, to be stored in the database. As a result, application-specific security policies can be enforced at the database while processing queries, improving both the overall efficiency of the application, as well as ensuring that sensitive data never leaves the database needlessly. Our experience with two sizeable web applications indicates that cross-tier policy enforcement in SELinks is flexible, relatively easy to use and improves efficiency, in terms of increased throughput, by as much as an order of magnitude.
[ .pdf ]
@MISC{corcoran08selinks,
AUTHOR = {Brian J. Corcoran and Nikhil Swamy and Michael Hicks},
TITLE = {Cross-tier, Label-based Security Enforcement for Web Applications},
MONTH = MAR,
YEAR = 2008
}