March 12, 2018
Marco Guarnieri
Databases often store and manage sensitive data. Regulating access to databases is, therefore, essential. To this end, database security researchers have developed both access control and inference control mechanisms. Unfortunately, existing mechanisms are implemented in an ad hoc fashion, with neither precise security guarantees nor the means to verify them. This has immediate consequences: existing mechanisms are inadequate for securing modern databases and are susceptible to attacks. In the talk, we will present two provably secure enforcement mechanisms for access and inference control in databases. The first system is ANGERONA, a provably secure inference control mechanism that prevents information leakage in the presence of probabilistic dependencies. ANGERONA is based on probabilistic logic programming, and it leverages a tractable inference algorithm for a practically relevant fragment of probabilistic logic programs. The second part of the talk focuses on database access control. Motivated by practical attacks against commercial database systems, we present a formal framework for reasoning about the security of database access control mechanisms, and we leverage it to build a provably secure access control mechanism that thwarts attacks that existing mechanisms fail to prevent. We also present some results bridging information-flow control and database access control. The talk is based on joint work with David Basin, Srdjan Marinovic, Daniel Schoepe, Musard Balliu, and Andrei Sabelfeld.