skip to main content
10.1145/1111037.1111045acmconferencesArticle/Chapter ViewAbstractPublication PagespoplConference Proceedingsconference-collections
Article

On flow-sensitive security types

Published:11 January 2006Publication History

ABSTRACT

This article investigates formal properties of a family of semantically sound flow-sensitive type systems for tracking information flow in simple While programs. The family is indexed by the choice of flow lattice.By choosing the flow lattice to be the powerset of program variables, we obtain a system which, in a very strong sense, subsumes all other systems in the family (in particular, for each program, it provides a principal typing from which all others may be inferred). This distinguished system is shown to be equivalent to, though more simply described than, Amtoft and Banerjee's Hoare-style independence logic (SAS'04).In general, some lattices are more expressive than others. Despite this, we show that no type system in the family can give better results for a given choice of lattice than the type system for that lattice itself.Finally, for any program typeable in one of these systems, we show how to construct an equivalent program which is typeable in a simple flow-insensitive system. We argue that this general approach could be useful in a proof-carrying-code setting.

References

  1. Torben Amtoft and Anindya Banerjee. Information flow analysis in logical form. In SAS 2004 (11th Static Analysis Symposium), Verona, Italy, August 2004, volume 3148 of LNCS, pages 100--115. Springer-Verlag, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  2. Wolfram Amme, Niall Dalton, Jeffery von Ronne, and Michael Franz. SafeTSA: A type safe and referentially secure mobile-code representation based on static single assignment form. In SIGPLAN '01 Conference on Programming Language Design and Implementation, pages 137--147, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Andrew W. Appel. Modern Compiler Implementation in Java. Cambridge University Press, Cambridge, 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. GR. Andrews and RP. Reitman. An axiomatic approach to information flow in programs. ACM TOPLAS, 2(1):56--75, January 1980. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. J.-P. Banâtre, CBryce, and DLe Métayer. Compile-time detection of information flow in sequential programs. In Proc. European Symp. on Research in Computer Security, volume 875 of LNCS, pages 55--73. Springer-Verlag, 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. ACM Symp. on Principles of Programming Languages, pages 238--252, January 1977. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In Conference Record of the Sixth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 269--282, San Antonio, Texas, 1979. ACM Press, New York, NY. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark K. Wegman, and F. Kenneth Zadeck. An efficient method of computing static single assignment form. In 16th Annual ACM Symposium on Principles of Programming Languages, pages 25--35, 1989. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Paul R. Carini and Michael Hind. Flow-sensitive interprocedural constant propagation. In PLDI '95: Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation, pages 23--31. ACM Press, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. D. Clark, C. Hankin, and S. Hunt. Information flow for Algol-like languages. Journal of Computer Languages, 28(1):3--28, April 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Comm. of the ACM, 20(7):504--513, July 1977. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. B. Davey and H. Priestley. Introduction to Lattices and Order. Cambridge University Press, 1990.Google ScholarGoogle Scholar
  13. Roberto Giacobazzi, Francesco Ranzato, and Francesca Scozzari. Making abstract interpretations complete. J. ACM, 47(2):361--416, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. S. Genaim and F. Spoto. Information Flow Analysis for Java Bytecode. In RCousot, editor, Proc. of the Sixth International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), volume 3385 of Lecture Notes in Computer Science, pages 346--362, Paris, France, January 2005. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In Proc. ACM Symp. on Principles of Programming Languages, pages 365--377, January 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. S. Hunt and D. Sands. Binding Time Analysis: A New PERspective. In Proceedings of the ACM Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM'91), pages 154--164, September 1991. ACM SIGPLAN Notices 26(9). Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. In First Workshop on Bytecode Semantics, Verification, Analysis and Transformation (BYTECODE '05), 2005. To Appear, ENTCS. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. F. Nielson, H. Riis Nielson, and C. Hankin. Principles of Program Analysis. Springer-Verlag, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. A. Sabelfeld and A.C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5--19, January 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. Higher Order and Symbolic Computation, 14(1):59--91, March 2001. Earlier version in ESOP'99. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. J. Computer Security, 4(3):167--187, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. J.B. Wells. The essence of principal typings. In Proc. International Colloquium on Automata, Languages and Programming, volume 2380 of LNCS, pages 913--925. Springer-Verlag, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. On flow-sensitive security types

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!