Information Flow Analysis for Valued-Indexed Data Security Compartments [chapter]

Luísa Lourenço, Luís Caires
2014 Lecture Notes in Computer Science  
Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated with data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called "row-level" security. In this paper, we investigate a programming language approach to these issues, based on a λ-calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.

Yet, this basic approach is not enough to enforce the needed security policies. When we say that a patient can see his full profile we are stating something stronger than that: a patient can see any patient's full profile. This is clearly an undesirable limitation of the simple security label model adopted, which is not expressive enough to talk about individual tuples of an entity. In intuitive terms, the P security compartment needs to be partitioned (indexed) into many partitions P(n), one for each patient n, e.g. P(joe), P(mary), etc., where L < P(n) < P for all n, and P(m) ≠ P(n) for all n ≠ m. Now, all patient records are stored in the same data structure, the entity table Patients. To give the table a uniform security type, we then introduce security-label dependent records, allowing us to express "row-level" security compartments:

entity Doctors
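As an added illustration (not the paper's own code or its λ-calculus), the following Python models the partitioned compartment described above: labels L and P, one value-indexed partition P(n) per patient, the order L < P(n) < P with distinct partitions P(m) and P(n) incomparable, and a Patients table whose row label is a function of the row's id value (a label-dependent record). The `Label` class, the function names and the two sample rows are constructed for this example; only the patient compartment is modeled, not the Doctors entity that the fragment above begins.

```python
"""Value-indexed security compartments, modeled in Python.

Added illustration, not the paper's own code or its lambda-calculus. It encodes
the ordering L < P(n) < P for every patient n, with P(m) and P(n) incomparable
for m != n, and a Patients table whose row label depends on the row's id value.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Label:
    """An unindexed compartment (L, P) or a value-indexed one such as P(joe),
    stored as level="P", index="joe". (Constructed representation.)"""
    level: str
    index: Optional[str] = None

    def __str__(self) -> str:
        return self.level if self.index is None else f"{self.level}({self.index})"


L = Label("L")   # public: flows anywhere
P = Label("P")   # the whole patient compartment, above every P(n)


def P_of(patient_id: str) -> Label:
    """The partition of P reserved for one patient: P(joe), P(mary), ..."""
    return Label("P", patient_id)


def flows_to(src: Label, dst: Label) -> bool:
    """src <= dst in the lattice: data labeled src may flow to a sink labeled dst."""
    if src == dst or src == L:
        return True
    if dst == L:
        return False
    if src.level == dst.level == "P":
        # P(n) <= P holds, but neither P <= P(n) nor P(m) <= P(n) for m != n
        return dst.index is None
    return False


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the label of a value computed from both a and b."""
    if flows_to(a, b):
        return b
    if flows_to(b, a):
        return a
    return P   # distinct partitions P(m), P(n): only the unindexed P is above both


# Constructed sample data. The profile of each row is labeled P(row["id"]):
# the label is a function of a runtime value, not of the schema.
PATIENTS = [
    {"id": "joe", "profile": "joe: asthma"},
    {"id": "mary", "profile": "mary: diabetes"},
]


def row_label(row: dict) -> Label:
    """Label-dependent record: the row's compartment is P(id)."""
    return P_of(row["id"])


def readable_profiles(table: list, clearance: Label, indexed: bool = True) -> list:
    """Profiles whose label flows to `clearance`.

    indexed=True applies the row-level label P(id); indexed=False models the
    coarse policy where the whole column is labeled P, so a patient's
    clearance P lets him read every patient's profile."""
    out = []
    for row in table:
        lbl = row_label(row) if indexed else P
        if flows_to(lbl, clearance):
            out.append(row["profile"])
    return out


def select_profile(table: list, patient_id: str):
    """Select one profile by id. Because profile : P(id) in the record type and
    the predicate fixes id = patient_id, the result is typed P(patient_id)."""
    for row in table:
        if row["id"] == patient_id:
            return row["profile"], P_of(patient_id)
    return None, P_of(patient_id)


def checked_assign(src: Label, sink: Label) -> bool:
    """The typing rule behind every store: reject flows outside the lattice
    order. Returns True when the flow is legal."""
    if not flows_to(src, sink):
        raise PermissionError(f"illegal flow {src} -> {sink}")
    return True


if __name__ == "__main__":
    print(readable_profiles(PATIENTS, P_of("joe")))       # ['joe: asthma']
    print(readable_profiles(PATIENTS, P, indexed=False))  # coarse model: every profile
    _, lbl = select_profile(PATIENTS, "mary")
    print(flows_to(lbl, P_of("joe")))                     # False: P(mary) does not flow to P(joe)
```

With the indexed labels a principal cleared at P(joe) sees only joe's row, and a value typed P(mary) is refused when stored into a P(joe) sink; with the coarse one-label model, where every row and every patient's clearance is just P, the same check admits every profile for every patient, which is exactly the over-approximation the text points out.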
doi:10.1007/978-3-319-05119-2_11 fatcat:jquga3pknncyrmce63zozr7ufy