Existing solutions for tracking sensitive data and enforcing data usage policies have been intertwined with a specific host language, and with multiple host languages in the case of database-backed applications. In this paper, we present an alternate, policy-agnostic approach that automatically enforces API-specific policies. We demonstrate that by associating policy enforcement with the API between the application and database, it is possible to automatically enforce rich and expressive policies across database-backed applications without depending on the application or database language. We present Estrela, a web framework that allows the specification of rich and expressive policies separately from the code and enforces the policies in a highly context-dependent manner. Estrela supports both query-level policies that are applied during data access, and row-level policies that are more granular, complex and contextual. Estrela works with legacy applications without requiring any modification to the application code or the database for enforcing the policies. We build a prototype of Estrela and a language-agnostic version of Estrela in Python, on top of Django. We evaluate its performance and effectiveness by showing its application to forum software, a social-networking site, a conference management system, and a company intranet. Estrela adds low overhead to existing applications and supports easy migration of existing applications for policy-compliance.
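The split between query-level and row-level policies, enforced at the API between application and database, can be sketched as follows. This is an added illustration, not Estrela's code or API: it uses the standard-library `sqlite3` module instead of Django, and every name in it (`POLICIES`, `call_api`, `visible_posts`, `mask_email`, the `post` table) is hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data: a tiny forum table."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE post (id INTEGER, author TEXT, hidden INTEGER, email TEXT)")
    db.executemany("INSERT INTO post VALUES (?, ?, ?, ?)", [
        (1, "alice", 0, "alice@example.test"),
        (2, "bob", 1, "bob@example.test"),
        (3, "bob", 0, "bob@example.test"),
    ])
    return db

# Query-level policy: restricts which rows the data access may return.
def visible_posts(ctx):
    if ctx.get("is_admin"):
        return "1 = 1", []
    return "hidden = 0 OR author = ?", [ctx["user"]]

# Row-level policy: per-row, context-dependent decision on a fetched row.
def mask_email(row, ctx):
    if row["author"] != ctx["user"] and not ctx.get("is_admin"):
        row["email"] = None
    return row

# Policy table, kept apart from application code and keyed by API name.
POLICIES = {
    "list_posts": {"sql": "SELECT id, author, hidden, email FROM post",
                   "query": visible_posts, "rows": [mask_email]},
}

def call_api(db, api, ctx):
    """Every read goes through here, so the caller cannot skip enforcement."""
    policy = POLICIES.get(api)
    if policy is None:  # fail closed: an API without a policy returns nothing
        raise PermissionError(f"no policy registered for API {api!r}")
    where, params = policy["query"](ctx)  # predicate text comes from policy, values are bound
    cursor = db.execute(
        f"SELECT * FROM ({policy['sql']}) WHERE {where} ORDER BY id", params)
    rows = [dict(r) for r in cursor]
    for rule in policy["rows"]:
        rows = [rule(row, ctx) for row in rows]
    return rows
```

The application code only names the API and supplies the request context; changing who may see what means editing `POLICIES`, not the caller.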