Web applications routinely access sensitive and confidential user data through remote APIs. The privacy of that data is governed by policies that the application developer specifies and implements as checks scattered across application code and database queries. Given the complexity of the code, missing policy checks often cause unauthorized information leaks. To address this policy-compliance problem, we present ESTRELA, a framework that lets privacy policies be specified separately from the code and enforces them on the interfaces that access the sensitive data. One of the major concerns this work addresses is the specification of rich, expressive and stateful policies that let applications function seamlessly while preventing unauthorized leaks of data. At the same time, ESTRELA applies only selected policies, chosen by how the sensitive data is used, which limits the number of policies that must be applied. The idea is to associate policies, written in a higher-order language, with the different remote interfaces and to enforce them on those interfaces' outputs, instead of attaching a fixed set of policies to individual database fields; this leverages the features of the widely used REST architectural style. ESTRELA is database-agnostic and requires no modification to the database. We implement ESTRELA in Python, on top of Django, and evaluate its performance and effectiveness by applying it to a social-networking application, a healthcare system and a conference management system. ESTRELA adds reasonably low overhead to existing applications that run without any policy checks, and almost negligible overhead to applications that already run policy checks as part of their API code.
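The following is an added, stand-alone Python sketch of the idea the abstract describes; it is not ESTRELA's code or API and uses neither Django nor a real database. Policies are higher-order functions (context in, per-record predicate out) kept in a registry keyed by REST interface name, and a decorator filters each interface's output through the policies attached to it, so handlers contain no checks and each interface only pays for the policies it actually carries. One policy is stateful, modelled on the conference-management setting mentioned above: authors see reviews of their own paper only after the conference phase moves to notification. The papers, reviews, user names, interface names and the phase state are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# --- Constructed stand-in for a conference-management database -------------
# Records and names are invented for the example; ESTRELA's own data model
# and API are not shown here.
PAPERS = {
    1: {"title": "Paper A", "authors": ["alice"]},
    2: {"title": "Paper B", "authors": ["bob"]},
}
REVIEWS = [
    {"paper": 1, "reviewer": "r1", "score": 2, "text": "Strong accept"},
    {"paper": 1, "reviewer": "r2", "score": -1, "text": "Weak reject"},
    {"paper": 2, "reviewer": "r1", "score": 0, "text": "Borderline"},
]


@dataclass
class State:
    """Application state that stateful policies consult (constructed)."""
    phase: str = "reviewing"            # later moves to "notified"
    chairs: set = field(default_factory=lambda: {"chair"})


STATE = State()


@dataclass
class Ctx:
    """Request context: who is calling the interface."""
    user: str


# A policy is higher-order: given the request context it returns a predicate
# that decides, per record in the interface's output, whether to release it.
Policy = Callable[[Ctx], Callable[[dict], bool]]


def author_after_notification(ctx: Ctx):
    """Stateful policy: authors see reviews of their own papers only once
    the conference has reached the notification phase."""
    def allow(rec: dict) -> bool:
        is_author = ctx.user in PAPERS[rec["paper"]]["authors"]
        return is_author and STATE.phase == "notified"
    return allow


def assigned_reviewer(ctx: Ctx):
    """Reviewers see every review of a paper they themselves reviewed."""
    mine = {r["paper"] for r in REVIEWS if r["reviewer"] == ctx.user}
    return lambda rec: rec["paper"] in mine


def chair(ctx: Ctx):
    """Programme chairs see everything."""
    return lambda rec: ctx.user in STATE.chairs


def public(ctx: Ctx):
    return lambda rec: True


# --- Policies live in a registry keyed by interface, not in handler code ---
POLICIES: Dict[str, List[Policy]] = {}


def attach(interface: str, *policies: Policy) -> None:
    POLICIES.setdefault(interface, []).extend(policies)


def enforce(interface: str):
    """Decorator: run the interface's policies over the records the handler
    returns. A record is released if any attached policy allows it; with no
    policy attached the interface releases nothing (default deny)."""
    def wrap(handler):
        def guarded(ctx: Ctx, *args, **kwargs):
            records = handler(ctx, *args, **kwargs)
            allows = [p(ctx) for p in POLICIES.get(interface, [])]
            return [r for r in records if any(a(r) for a in allows)]
        return guarded
    return wrap


# --- Handlers stand in for REST endpoints; they contain no policy checks ---
@enforce("GET /papers/{id}/reviews")
def get_reviews(ctx: Ctx, paper_id: int) -> List[dict]:
    return [r for r in REVIEWS if r["paper"] == paper_id]


@enforce("GET /papers")
def list_papers(ctx: Ctx) -> List[dict]:
    return [{"paper": pid, "title": p["title"]} for pid, p in PAPERS.items()]


# Only the review interface carries the stateful policies; the paper list
# carries a single public policy, so that interface pays for nothing else.
attach("GET /papers/{id}/reviews", author_after_notification, assigned_reviewer, chair)
attach("GET /papers", public)


if __name__ == "__main__":
    print(get_reviews(Ctx("alice"), 1))   # [] while phase == "reviewing"
    STATE.phase = "notified"
    print(get_reviews(Ctx("alice"), 1))   # both reviews of paper 1
    print(get_reviews(Ctx("bob"), 1))     # [] : bob is not an author of paper 1
```

Two design choices worth noting: the decorator denies by default, so forgetting to attach a policy to a new interface fails closed rather than leaking, and the policies never touch the handler or the data store, which is what lets them be written, reviewed and changed independently of the application code.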