This research internship is part of the Momentum project “Managing your data without leakage of information” funded by the CNRS and coordinated by Pierre Bourhis. This project aims to strengthen the privacy of users on the Internet by identifying potential leaks of private information and proposing effective countermeasures to better control the nature of personal data that can be accessed by unauthorized third parties. This project therefore addresses a social issue for the entire population.
Social networks, like other web applications, are now massively adopting the REST architectural style as an API design standard that allows them to share information with authorized third parties. While this mediation layer between the third parties and the database controls which data a third party can retrieve, it can also reveal information about the structure of the database to those third parties.
This research internship consists in automatically instrumenting mainstream object-relational mapping (ORM) solutions used by major frameworks (e.g., Spring) to observe the ratio of information reified in memory and accessed by the application.