Meet Scooter

Scooter is a language for defining database schemas, security policies, and migrations over both. Together with the Sidecar verifier, it statically prevents common errors such as incorrect policy refactoring and data leakage caused by schema migrations.


Step 1: Define a policy

  • Scooter uses a strongly-typed expression language to define who can read or write each field.
  • These policies are compiled to your target application for automatic enforcement.

Step 2: Write a migration

  • Scooter uses migrations to update both schemas and policies.
  • All new fields and models must have a policy.

Step 3: Verify with Sidecar

  • Sidecar checks whether the combination of schema and policy changes in a migration could cause data leakage.
  • If it finds a leak, Sidecar reports a concrete counterexample: the principal, and the data that principal could not read before the migration but can read after it, for example:

    Migration unsafe!

    COUNTEREXAMPLE:

    Principal: User(1)

    CAN NOW ACCESS:

    ...
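The following Python is an added illustration of the three steps above; it is not Scooter's syntax nor Sidecar's own verification algorithm. It models fields that carry a mandatory read policy, migrations that rewrite schema and policy together, and a bounded leak check that compares what each principal can read before and after a migration over a small constructed database, reporting the first counterexample in the style shown above. The model names (`User`, `Post`), fields, policies, rows and the `derived_from` annotation (which records that a new field is computed from an existing one) are assumptions for this example; a real verifier reasons about all possible databases rather than an enumerated sample.

```python
"""Toy model of per-field read policies, migrations and a leak check.
Added illustration, not Scooter/Sidecar code; names and rows are constructed."""
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Row = Dict[str, int]


@dataclass(frozen=True)
class Principal:
    model: str
    id: int

    def __str__(self) -> str:
        return f"{self.model}({self.id})"


# A read policy decides whether `who` may read a field of `row`.
Policy = Callable[[Principal, Row], bool]


def public(who: Principal, row: Row) -> bool:
    return True


def owner(who: Principal, row: Row) -> bool:
    return who.model == "User" and who.id == row["owner"]


@dataclass
class FieldSpec:
    read: Policy
    derived_from: Optional[str] = None  # same-model field this value is computed from


class Schema:
    def __init__(self) -> None:
        self.models: Dict[str, Dict[str, FieldSpec]] = {}

    def add_model(self, name: str) -> None:
        self.models[name] = {}

    # The policy is mandatory: a field cannot exist without one.
    def add_field(self, model: str, name: str, read: Policy,
                  derived_from: Optional[str] = None) -> None:
        if derived_from is not None and derived_from not in self.models[model]:
            raise KeyError(f"{model}.{derived_from} does not exist")
        self.models[model][name] = FieldSpec(read, derived_from)

    def set_read(self, model: str, name: str, read: Policy) -> None:
        self.models[model][name].read = read


Access = Tuple[str, int, str]  # (model, row id, field)


def readable(schema: Schema, who: Principal, db: Dict[str, List[Row]]) -> Set[Access]:
    """Every (model, id, field) that `who` may read under `schema`."""
    return {(model, row["id"], name)
            for model, fields in schema.models.items()
            for row in db.get(model, [])
            for name, spec in fields.items() if spec.read(who, row)}


def check_migration(schema: Schema, migration: Callable[[Schema], None],
                    db: Dict[str, List[Row]], principals: List[Principal]
                    ) -> Optional[Tuple[Principal, List[Access]]]:
    """Bounded check over concrete rows. A leak is a principal gaining access to
    pre-existing data: a widened policy on an old field, or a new field derived
    from a field they could not read. Fresh data in a new field is not a leak."""
    after = deepcopy(schema)  # policy functions are shared, not copied
    migration(after)
    for who in principals:
        before = readable(schema, who, db)
        leaked: List[Access] = []
        for model, rid, name in sorted(readable(after, who, db) - before):
            src = after.models[model][name].derived_from
            if name in schema.models[model]:  # policy widened on an existing field
                leaked.append((model, rid, name))
            elif src and (model, rid, src) not in before:  # copies private data
                leaked.append((model, rid, name))
        if leaked:
            return who, leaked
    return None


def report(result: Optional[Tuple[Principal, List[Access]]]) -> str:
    if result is None:
        return "Migration safe."
    who, leaked = result
    head = ["Migration unsafe!", "", "COUNTEREXAMPLE:", "", f"Principal: {who}",
            "", "CAN NOW ACCESS:", ""]
    return "\n".join(head + [f"  {m}({i}).{n}" for m, i, n in leaked])


# Constructed sample: users own posts; post bodies and emails are owner-only.
def base_schema() -> Schema:
    s = Schema()
    s.add_model("User")
    s.add_field("User", "email", owner)
    s.add_model("Post")
    s.add_field("Post", "title", public)
    s.add_field("Post", "body", owner)
    return s


DB = {"User": [{"id": 1, "owner": 1}, {"id": 2, "owner": 2}],
      "Post": [{"id": 10, "owner": 2}]}
PRINCIPALS = [Principal("User", 1), Principal("User", 2)]


def add_view_count(s: Schema) -> None:      # safe: fresh data, explicit policy
    s.add_field("Post", "views", public)


def add_public_summary(s: Schema) -> None:  # unsafe: public field derived from body
    s.add_field("Post", "summary", public, derived_from="body")


def widen_email(s: Schema) -> None:         # unsafe: policy refactor widens email
    s.set_read("User", "email", public)


if __name__ == "__main__":
    for m in (add_view_count, add_public_summary, widen_email):
        print(f"== {m.__name__}")
        print(report(check_migration(base_schema(), m, DB, PRINCIPALS)))
```

Running the block reports `add_view_count` as safe and the other two as unsafe, each with `User(1)` as the principal and the newly readable `Post(10).summary` or `User(2).email` listed. The `derived_from` link is the piece a schema-only view would miss: without it, a new field looks like fresh data even when the migration populates it from a private column.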