Disjunctive Policies for Enforcing Security in Database-Backed Programs
This paper introduces a formal model and enforcement mechanism for disjunctive security policies in database-backed programs. It combines insights from database security and information flow research to reason about disjunctive information dependencies and ensure they are bounded by the specified disjunctive policy.