@inproceedings{0641ba07f18d40d98a90aab2fd094c8d,
title = "Blockaid: Data Access Policy Enforcement for Web Applications",
abstract = "Modern web applications serve large amounts of sensitive user data, access to which is typically governed by data-access policies. Enforcing such policies is crucial to preventing improper data access, and prior work has proposed many enforcement mechanisms. However, these prior methods either alter application semantics or require adopting a new programming model; the former can result in unexpected application behavior, while the latter cannot be used with existing web frameworks. Blockaid is an access-policy enforcement system that preserves application semantics and is compatible with existing web frameworks. It intercepts database queries from the application, attempts to verify that each query is policy-compliant, and blocks queries that are not. It verifies policy compliance using SMT solvers and generalizes and caches previous compliance decisions for better performance. We show that Blockaid supports existing web applications while requiring minimal code changes and adding only modest overheads.",
author = "Wen Zhang and Eric Sheng and Michael Chang and Aurojit Panda and Mooly Sagiv and Scott Shenker",
note = "Publisher Copyright: {\textcopyright} 2022 by The USENIX Association. All rights reserved.; 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022 ; Conference date: 11-07-2022 Through 13-07-2022",
year = "2022",
language = "الإنجليزيّة",
series = "Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022",
pages = "701--718",
booktitle = "Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2022",
}