Section: New Software and Platforms


Cryptographic Composition for Query Language

Scientific Description

C2QL is a compositional language of security techniques for information privacy in the cloud. A cloud service can use security techniques to ensure information privacy. These techniques protect privacy by converting the client's personal data into unintelligible text, but they also cause the service to lose some of its functionality. As a solution, C2QL allows security techniques to be composed so that information privacy is ensured without loss of functionality. However, composition makes programs more intricate to write. To help the programmer, C2QL defines a query language for defining cloud services that enforces information privacy through the composition of security techniques. This language comes with a set of algebraic laws for systematically transforming a local service without protection into its cloud equivalent, which is protected by composition.

Functional Description

C2QL is implemented in Idris, a functional language of the Haskell family. The implementation harnesses the Idris dependent type system to ensure the correct composition of security mechanisms and provides a transformation of the implementation into a π-calculus. This transformation serves two purposes. First, it makes the distribution explicit, showing how a computation is distributed over SaaS, PaaS and client applications. Second, it helps define an encoding into ProVerif to check that the service preserves the privacy of its clients.