Automated Enforcement of the Principle of Least Privilege over Data Source Access

2020 
State-of-the-art database-backed web applications usually assign full privileges to the connections between applications and data sources. This practice lets an attacker compromise an application by arbitrarily manipulating its data sources, unrestricted by privileges, and seriously breaks the principle of least privilege (PLP), a fundamental law of system security. To counter this problem, we propose PDA (PLP over Data source Access), a framework that automatically enforces this principle over data source access based on application-driven privilege separation. PDA contributes in the following respects: i) PDA achieves privilege separation by intercepting database queries and enforcing privileged connections to the database for each database query; ii) PDA can effectively defend against SQL-based vulnerabilities, including buggy queries and SQL injection attacks. Lastly, we evaluate PDA on a widely used application platform, JForum, and demonstrate its effectiveness with a promising performance overhead of 8.13%.
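The per-query privilege separation described in the abstract can be sketched as follows. This is an added example, not PDA's implementation or code from the paper. It assumes SQLite's authorizer callback as a stand-in for separate least-privileged database accounts, and the policy, query-site names and tables are constructed for illustration.

```python
import sqlite3

# Hypothetical policy: each application query site gets only the (action, table)
# privileges it needs. Site names and tables are constructed for this example.
POLICY = {"list_posts": {("read", "posts")}, "add_post": {("insert", "posts")}}
ACTIONS = {sqlite3.SQLITE_READ: "read", sqlite3.SQLITE_INSERT: "insert",
           sqlite3.SQLITE_UPDATE: "update", sqlite3.SQLITE_DELETE: "delete"}

def make_authorizer(allowed):
    """Build a SQLite authorizer that permits only the given privileges."""
    def authorize(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:  # statement-level; table reads checked below
            return sqlite3.SQLITE_OK
        ok = (ACTIONS.get(action), arg1) in allowed  # arg1 is the table name
        return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY
    return authorize

def run(conn, site, sql, params=()):
    """Intercept one query: narrow privileges to the site's set, then execute."""
    conn.set_authorizer(make_authorizer(POLICY.get(site, set())))
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:  # an authorizer denial surfaces as DatabaseError
        return "denied"
    finally:
        conn.set_authorizer(make_authorizer(set()))  # drop back to no privileges

def list_posts_sql(author):
    # Deliberately injectable string concatenation, to show containment.
    return "SELECT author, body FROM posts WHERE author = '" + author + "'"

def demo():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.executescript("""CREATE TABLE posts(author TEXT, body TEXT);
        CREATE TABLE users(username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash');""")
    injected = "x' UNION SELECT username, password_hash FROM users --"
    return {
        "insert": run(conn, "add_post", "INSERT INTO posts VALUES (?, ?)", ("alice", "hi")),
        "select": run(conn, "list_posts", list_posts_sql("alice")),
        "injection": run(conn, "list_posts", list_posts_sql(injected)),
        "buggy_delete": run(conn, "list_posts", "DELETE FROM posts"),
        "after": run(conn, "list_posts", "SELECT author, body FROM posts"),
    }

if __name__ == "__main__":
    print(demo())
```

The injected UNION and the buggy DELETE both fail because the `list_posts` site holds only read access to `posts`, even though the query string itself was never sanitized.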