Abstract

Formal proof of security measure effectiveness and computation security is vitally important for trust in critical information systems. It should be realized that formal security verification must be carried out at each infrastructural level (from the hardware level to the application level) in the process of system design. Currently, computation security analysis on the application level remains the major challenge as it requires complex labeling of computing environment elements. Traditionally, to solve this problem, information flow control (IFC) methods are employed. Unlike access control mechanisms widely used in modern operating systems (OSs) and database management systems (DBMSs), IFC has limited application in software design and mostly comes down to trivial taint tracking. This paper describes an approach to full-fledged implementation of IFC in PL/SQL program units with the use of the PLIF platform. In addition, a general scheme of computation security analysis for enterprise applications that work with relational DBMSs is considered. The key advantage of our approach is the explicit separation of functions between software developers and security analysts.

中文翻译：

---

PLIF平台在PL/SQL程序单元中实现信息流分析的场景

摘要

安全措施有效性和计算安全性的正式证明对于关键信息系统的信任至关重要。应该认识到，在系统设计过程中，必须在各个基础设施层面（从硬件层面到应用层面）进行形式化的安全验证。目前，应用程序级别的计算安全分析仍然是主要挑战，因为它需要对计算环境元素进行复杂的标记。传统上，为了解决这个问题，采用信息流控制（IFC）方法。与现代操作系统 (OS) 和数据库管理系统 (DBMS) 中广泛使用的访问控制机制不同，IFC 在软件设计中的应用有限，并且大多归结为琐碎的污点跟踪。本文描述了一种使用 PLIF 平台在 PL/SQL 程序单元中全面实现 IFC 的方法。此外，还考虑了与关系 DBMS 一起使用的企业应用程序的计算安全分析的通用方案。我们方法的主要优点是软件开发人员和安全分析师之间的功能明确分离。