SafeWeb: A Middleware for Securing Ruby-Based Web Applications
Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits.
Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)
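To make the mechanism the abstract describes concrete, here is an added Ruby sketch. It is not SafeWeb's code and is not taken from the paper: values carry a set of security labels, Ruby's open classes propagate the labels through String operations without the application code doing anything, a storage tier persists the labels alongside the bytes, and a release gate checks them before anything leaves the trusted middleware. The label names, the Principal and LabelledStore classes, the release function and the sample records are all assumptions made for this example.

```ruby
require 'set'

# Added illustration of the SafeWeb idea, not SafeWeb's own code. Label names,
# the Principal/LabelledStore classes and the sample records are assumptions.

EMPTY_LABELS = Set.new.freeze

module Labeled
  # Labels carried by this object; an empty set means public.
  def sec_labels
    @__sec_labels || EMPTY_LABELS
  end

  # Attach labels and return self so calls can be chained.
  def label!(*tags)
    @__sec_labels = sec_labels | tags
    self
  end
end

class Object
  include Labeled
end

# Transparent propagation: the result of each intercepted String method
# inherits the union of the receiver's labels and those of any String
# argument. Only intercepted methods propagate (see the note below).
module LabelPropagation
  [:+, :*, :[], :<<, :concat, :upcase, :downcase, :strip, :gsub, :sub, :reverse].each do |name|
    define_method(name) do |*args, &blk|
      result = super(*args, &blk)
      if result.is_a?(String)                      # e.g. "abc"[9] is nil
        inherited = args.grep(String).flat_map { |a| a.sec_labels.to_a }
        result.label!(*sec_labels, *inherited)
      end
      result
    end
  end
end
String.prepend(LabelPropagation)

# Storage tier: bytes and label set are persisted as separate columns and the
# labels are re-attached on read, so a round trip through storage does not
# launder data (instance variables would not survive real serialisation).
class LabelledStore
  def initialize
    @rows = {}
  end

  def put(key, value)
    @rows[key] = [String.new(value), value.sec_labels.to_a]
  end

  def get(key)
    bytes, labels = @rows.fetch(key)
    String.new(bytes).label!(*labels)
  end
end

Principal = Struct.new(:name, :clearances)
class DisclosureDenied < StandardError; end

# Release point: the "safety net" run wherever data leaves the middleware
# (HTTP response, log line, outbound event). Denies unless the recipient is
# cleared for every label the value has accumulated.
def release(value, to:)
  missing = value.sec_labels - to.clearances
  raise DisclosureDenied, "#{to.name} lacks #{missing.to_a.inspect}" unless missing.empty?
  value
end

def try_release(value, to:)
  release(value, to: to)
rescue DisclosureDenied => e
  "denied: #{e.message}"
end

# Event-processing tier: a summary derived from two labelled fields carries
# both labels although this code never mentions labels.
def treatment_summary(store, patient_id)
  store.get("#{patient_id}/name") + ": " + store.get("#{patient_id}/regimen")
end

# Constructed sample data (not real patient data) exercising the whole path.
def demo
  store = LabelledStore.new
  store.put("p1/name",    "Ada Lovelace".label!(:identifiable))
  store.put("p1/regimen", "cisplatin 75 mg/m2".label!(:clinical))
  summary = treatment_summary(store, "p1")

  oncologist = Principal.new("oncologist", Set[:identifiable, :clinical])
  billing    = Principal.new("billing",    Set[:financial])
  {
    labels:       summary.sec_labels,
    to_clinician: release(summary, to: oncologist),
    to_billing:   try_release(summary, to: billing)
  }
end
```

The check a practitioner should make on any scheme like this is coverage: only the intercepted methods propagate labels, so string interpolation, `format`, `Array#join` and I/O all build fresh strings that arrive at the release gate unlabelled. A real middleware has to intercept those paths too, or treat any value of unknown provenance as carrying the most restrictive label so that gaps fail closed rather than open.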
Active Integrity Constraints and Revision Programming
We study active integrity constraints and revision programming, two formalisms designed to describe integrity constraints on databases and to specify policies on preferred ways to enforce them. Unlike other, more commonly accepted approaches, these two formalisms attempt to provide a declarative solution to the problem. However, the original semantics of founded repairs for active integrity constraints and of justified revisions for revision programs differ. Our main goal is to establish a comprehensive framework of semantics for active integrity constraints, to find a parallel framework for revision programs, and to relate the two. By doing so, we demonstrate that the two formalisms, proposed independently of each other and based on different intuitions, turn out to be notational variants of each other when viewed within a broader semantic framework. That lends support to the adequacy of the semantics we develop for each of the formalisms as the foundation for a declarative approach to the problem of database update and repair. In the paper we also study computational properties of the semantics we consider and establish results concerning the minimality of change and invariance under the shifting transformation.
Comment: 48 pages, 3 figure
CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code
We present an instrumenting compiler for enforcing data confidentiality in low-level applications (e.g. those written in C) in the presence of an active adversary. In our approach, the programmer marks secret data by writing lightweight annotations on top-level definitions in the source code. The compiler then uses a static flow analysis coupled with efficient runtime instrumentation, a custom memory layout, and custom control-flow integrity checks to prevent data leaks even in the presence of low-level attacks. We have implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC micro-benchmarks for performance, and on larger, real-world applications (including OpenLDAP, which is around 300 KLoC) for the programmer overhead required to restructure the application when protecting sensitive data such as passwords. We find that the performance overheads introduced by our instrumentation are moderate (average 12% on SPEC), and the programmer effort to port OpenLDAP is only about 160 LoC.
Comment: Technical report for CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code, appearing at EuroSys 201