Towards Multiverse Databases

A multiverse database transparently presents each application user with a flexible, dynamic, and independent view of shared data. This transformed view of the entire database contains only information allowed by a centralized and easily-auditable privacy policy. By enforcing the privacy policy once, in the database, multiverse databases reduce programmer burden and eliminate many frontend bugs that expose sensitive data. Multiverse databases' per-user transformations risk expensive queries if applied dynamically on reads, or impractical storage requirements if the database proactively materializes policy-compliant views. We propose an efficient design based on a joint dataflow across "universes" that combines global, shared computation and cached state with individual, per-user processing and state. This design, which supports arbitrary SQL queries and complex policies, imposes no performance overhead on read queries. Our early prototype supports thousands of parallel universes on a single server.
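The shared-plus-per-user dataflow sketched above, as an added toy example in Python (not the paper's prototype): a user-independent operator materializes shared state once per write, each universe retains only the rows its policy admits, and a read is a plain cache lookup. The `posts` rows, `friends` relation and `policy` function are constructed for illustration.

```python
# Constructed sample data: a posts table and a friends relation the policy consults.
posts = [  # (post_id, author, visibility, body)
    (1, "alice", "public",  "hello world"),
    (2, "bob",   "private", "bob's draft"),
    (3, "carol", "friends", "weekend plans"),
]
friends = {"alice": {"carol"}, "bob": set(), "carol": {"alice"}}


class Multiverse:
    """One global operator computes the user-independent part of a query once;
    each user's universe holds the policy-compliant subset of that shared state."""

    def __init__(self, policy, users):
        self.policy = policy                  # policy(viewer, row) -> bool, enforced here, once
        self.shared = []                      # global materialized state
        self.universes = {u: [] for u in users}
        self.shared_evals = 0                 # counts how often the shared operator runs

    def _shared_op(self, row):
        # Stand-in for the expensive, user-independent work (a join, an aggregation)
        # that every universe would otherwise have to repeat on its own.
        self.shared_evals += 1
        pid, author, vis, body = row
        return (pid, author, vis, body.upper())

    def write(self, row):
        out = self._shared_op(row)            # computed once for all users
        self.shared.append(out)
        for viewer, state in self.universes.items():   # per-user fan-out
            if self.policy(viewer, out):      # policy filter is the per-universe operator
                state.append(out)

    def read(self, viewer):
        # No policy evaluation or recomputation on the read path: return cached state.
        return list(self.universes[viewer])


def policy(viewer, row):
    """Constructed policy: public rows, own rows, and friends-only rows from friends."""
    _, author, vis, _ = row
    return vis == "public" or author == viewer or (vis == "friends" and viewer in friends[author])


def build():
    mv = Multiverse(policy, ["alice", "bob", "carol"])
    for p in posts:
        mv.write(p)
    return mv
```

A policy that consults another table (here `friends`) means changes to that table must also flow through the dataflow to re-evaluate affected universes; this sketch keeps `friends` static.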
