short-paper

Diesel: applying privilege separation to database access

Authors:

Adrienne Porter Felt,

Matthew Finifter,

Joel Weinberger,

David WagnerAuthors Info & Claims

ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

Pages 416 - 422

https://doi.org/10.1145/1966913.1966971

Published: 22 March 2011 Publication History

Abstract

Database-backed applications typically grant complete database access to every part of the application. In this scenario, a flaw in one module can expose data that the module never uses for legitimate purposes. Drawing parallels to traditional privilege separation, we argue that database data should be subject to limitations such that each section of code receives access to only the data it needs. We call this data separation. Data separation defends against SQL-based errors including buggy queries and SQL injection attacks and facilitates code review, since a module's policy makes the extent of its database access explicit to programmers and code reviewers. We construct a system called Diesel, which implements data separation by intercepting database queries and applying modules' restrictions to the queries. We evaluate Diesel on three widely-used applications: Drupal, JForum, and WordPress.

References

[1]

J. P. Boyer, R. Hasan, L. E. Olson, N. Borisov, C. A. Gunter, and D. Raila. Improving multi-tier security using redundant authentication. In CSAW '07: Proceedings of the 2007 ACM workshop on Computer security architecture, pages 54--62, New York, NY, USA, 2007. ACM.

Digital Library

[2]

G. Buehrer, B. W. Weide, and P. A. G. Sivilotti. Using parse tree validation to prevent SQL injection attacks. In SEM '05: Proceedings of the 5th international workshop on Software engineering and middleware, pages 106--113, New York, NY, USA, 2005. ACM.

Digital Library

[3]

M. Dalton, C. Kozyrakis, and N. Zeldovich. Nemesis: Preventing Authentication &amp; Access Control Vulnerabilities in Web Applications. In Proceedings of the 18th USENIX Security Symposium, Montreal, Canada, August 2009.

Digital Library

[4]

V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Toward Automated Detection of Logic Vulnerabilities in Web Applications. In USENIX Security, 2010.

Digital Library

[5]

A. P. Felt, M. Finifter, J. Weinberger, and D. Wagner. Diesel: Applying privilege separation to database access. Technical Report UCB/EECS-2010-149, EECS Department, University of California, Berkeley, Dec 2010.

[6]

Google. Android Developers: Security and Permissions. http://developer.android.com/guide/topics/security/security.html.

[7]

P. P. Griffiths and B. W. Wade. An authorization mechanism for a relational database system. ACM Trans. Database Syst., 1(3):242--255, 1976.

Digital Library

[8]

W. Halfond and A. Orso. AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In Proceedings of the IEEE and ACM International Conference on Automated Software Engineering (ASE 2005), pages 174--183, Long Beach, CA, USA, November 2005.

Digital Library

[9]

W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, March 2006.

[10]

JForum---Powering communities. http://www.jforum.net.

[11]

G. Kabra, R. Ramamurthy, and S. Sudarshan. Redundancy and information leakage in fine-grained access control. In SIGMOD '06: Proceedings of the 2006 ACM SIGMOD international conference on Management of data, pages 133--144, New York, NY, USA, 2006. ACM.

Digital Library

[12]

J. C. K. Keane. {Full-disclosure} Drupal Brilliant Gallery module SQL injection vulnerability. http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-09/msg00506.html.

[13]

A. Krishnamurthy, A. Mettler, and D. Wagner. Fine-Grained Privilege Separation for Web Applications. In WWW '10: Proceedings of the 19th international conference on World Wide Web. ACM, 2010.

Digital Library

[14]

C. R. Landau. Security in a secure capability-based system. SIGOPS Oper. Syst. Rev., 23(4):2--4, 1989.

Digital Library

[15]

J. G. Lara. Internet Security Auditors Alert: WP-Forum &#8804; 2.3 SQL Injection vulnerabilities. http://www.securityfocus.com/archive/1/archive/1/508504/100/0/threaded, 2009.

[16]

H. M. Levy. Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA, 1984.

Digital Library

[17]

N. Loeve. Funnel - A Multiplexer Plugin for MySQL-Proxy. https://lists.launchpad.net/mysql-proxy-discuss/msg00030.html.

[18]

A. Mettler, D. Wagner, and T. Close. Joe-E: A Security-Oriented Subset of Java. In Proceedings of the 17th Annual Network and Distributed Systems Security Symposium (NDSS 2010), 2010.

[19]

M. S. Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, Johns Hopkins University, Baltimore, Maryland, USA, May 2006.

Digital Library

[20]

MySQL Proxy. http://forge.mysql.com/wiki/MySQL_Proxy.

[21]

L. E. Olson, C. A. Gunter, and P. Madhusudan. A Formal Framework for Reflective Database Access Control Policies. In CCS '08: Proceedings of the 15th ACM conference on Computer and Communications Security, pages 289--298, New York, NY, USA, 2008. ACM.

Digital Library

[22]

Oracle. Examples of Second Order SQL Injection Attack. http://st-curriculum.oracle.com/tutorial/SQLInjection/html/lesson1/les01_tm_attacks2.htm.

[23]

B. Parno, J. M. McCune, D. Wendlandt, D. G. Andersen, and A. Perrig. CLAMP: Practical prevention of large-scale data leaks. In Proc. IEEE Symposium on Security and Privacy, Oakland, CA, May 2009.

Digital Library

[24]

N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium, pages 16--16, Berkeley, CA, USA, 2003. USENIX Association.

Digital Library

[25]

S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy. Extending query rewriting techniques for fine-grained access control. In SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pages 551--562, New York, NY, USA, 2004. ACM.

Digital Library

[26]

J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278--1308, 1975.

[27]

J. S. Shapiro, J. M. Smith, and D. J. Farber. EROS: a fast capability system. In SOSP '99: Proceedings of the seventeenth ACM Symposium on Operating Systems Principles, pages 170--185, New York, NY, USA, 1999. ACM.

Digital Library

[28]

Sun Microsystems, Inc. Connection pooling, 2008. http://java.sun.com/developer/onlineTraining/Programming/JDCBook/conpool.html#pool.

[29]

S. Thomas and L. Williams. Using Automated Fix Generation to Secure SQL Statements. In SESS '07: Proceedings of the Third International Workshop on Software Engineering for Secure Systems, page 9, Washington, DC, USA, 2007. IEEE Computer Society.

Digital Library

Cited By

Joseph AYadav NGanapathy VBehl DJayachandran P(2023)Data Protection in Permissioned Blockchains using Privilege Separation2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS56262.2023.10041304(748-756)Online publication date: 3-Jan-2023
https://doi.org/10.1109/COMSNETS56262.2023.10041304
Renner JSanchez-Stern ABrown FLerner SStefan DFreund SYahav E(2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454072
Wu HYu ZHuang DZhang HHan W(2020)Automated Enforcement of the Principle of Least Privilege over Data Source Access2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00075(510-517)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00075
Show More Cited By

Index Terms

Diesel: applying privilege separation to database access

Recommendations

Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution
Computer Security – ESORICS 2019
Abstract
With the rapid proliferation of IoT devices, we have witnessed increasing security breaches targeting IoT devices. To address this, considerable attention has been drawn to the vulnerability discovery of IoT firmware. However, in contrast to the ...
Compac: enforce component-level access control in android
CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy

In Android applications, third-party components may bring potential security problems, because they have the same privilege as the applications but cannot be fully trusted. It is desirable if their privileges can be restricted. To minimize the privilege ...
Enforcing user-space privilege separation with declarative architectures
STC '12: Proceedings of the seventh ACM workshop on Scalable trusted computing

Applying privilege separation in software development is an effective strategy for limiting the damage of an attack on a software system. In this approach, a software system is separated into a set of communicating protection domains of least privilege. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

March 2011

527 pages

ISBN:9781450305648

DOI:10.1145/1966913

General Chairs:
Bruce Cheung
The University of Hong Kong, China
,
Lucas Chi Kwong Hui
The University of Hong Kong, China
,
Program Chairs:
Ravi Sandhu
University of Texas, San Antonio
,
Duncan S. Wong
City University of Hong Kong, China

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

Conference

ASIA CCS '11

Sponsor:

SIGSAC

ASIA CCS '11: 6th ACM Symposium on Information, Compuer and Communications Security

March 22 - 24, 2011

Hong Kong, China

Acceptance Rates

ASIACCS '11 Paper Acceptance Rate 35 of 217 submissions, 16%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
331
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Joseph AYadav NGanapathy VBehl DJayachandran P(2023)Data Protection in Permissioned Blockchains using Privilege Separation2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS56262.2023.10041304(748-756)Online publication date: 3-Jan-2023
https://doi.org/10.1109/COMSNETS56262.2023.10041304
Renner JSanchez-Stern ABrown FLerner SStefan DFreund SYahav E(2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454072
Wu HYu ZHuang DZhang HHan W(2020)Automated Enforcement of the Principle of Least Privilege over Data Source Access2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00075(510-517)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00075
Giffin DLevy AStefan DTerei DMazières DMitchell JRusso A(2017)Hails: Protecting data privacy in untrusted web applicationsJournal of Computer Security10.3233/JCS-1580125:4-5(427-461)Online publication date: 10-Jul-2017
https://doi.org/10.3233/JCS-15801
Yang ZLevchenko K(2017)Securing Web Applications with Predicate Access ControlData and Applications Security and Privacy XXXI10.1007/978-3-319-61176-1_30(541-554)Online publication date: 22-Jun-2017
https://doi.org/10.1007/978-3-319-61176-1_30
Geneiatakis D(2016)Minimizing Databases Attack Surface Against SQL Injection AttacksInformation and Communications Security10.1007/978-3-319-29814-6_1(1-9)Online publication date: 5-Mar-2016
https://doi.org/10.1007/978-3-319-29814-6_1
Monshizadeh MNaldurg PVenkatakrishnan VAhn GYung MLi N(2014)MACEProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2660337(690-701)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2660337
Blankstein AFreedman M(2014)Automating Isolation and Least Privilege in Web ServicesProceedings of the 2014 IEEE Symposium on Security and Privacy10.1109/SP.2014.16(133-148)Online publication date: 18-May-2014
https://dl.acm.org/doi/10.1109/SP.2014.16
Budianto EJia YDong XSaxena PLiang Z(2014)You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web BrowsersResearch in Attacks, Intrusions and Defenses10.1007/978-3-319-11379-1_8(150-171)Online publication date: 2014
https://doi.org/10.1007/978-3-319-11379-1_8
Chen ZDong XSaxena PLiang ZSadeghi AGligor VYung M(2013)POSTER: CRYPTSERVERProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2512525(1457-1460)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2512525
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten