Blockaid
Modern web applications process large amounts of sensitive user data, access to which is governed by data access policies. Blockaid is a system that enforces these data access policies for web applications via a proxy that intercepts the application’s SQL queries and their results. Blockaid leverages SMT solvers to verify policy compliance and, to achieve adequate performance, generalizes and caches the results of previous compliance decisions. We demonstrate that Blockaid supports web applications written using existing web frameworks while adding only modest overheads.