
A uniform type structure for secure information flow

Published: 01 October 2007

Abstract

The π-calculus, a calculus of mobile processes, can compositionally represent the dynamics of major programming constructs by decomposing them into name passing. The present work reports our experience in using a linear/affine typed π-calculus for the analysis and development of type-based analyses for programming languages, focussing on secure information flow analysis. After presenting a basic typed calculus for secrecy, we demonstrate its usage by a sound embedding of the dependency core calculus (DCC) and the development of the call-by-value version of DCC. The secrecy analysis is then extended to stateful computation, for which we develop a novel type discipline for an imperative programming language that extends the secure multi-threaded imperative language of Smith and Volpano with general references and higher-order procedures. In each analysis, the embedding gives a simple proof of noninterference.
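As an added example (not the paper's own development, which works in the typed π-calculus), the following Python sketch shows the Smith/Volpano-style security typing that the abstract builds on: a type checker that rejects explicit and implicit flows from secret to public variables, beside a brute-force noninterference test run on the same programs. The tuple encoding of the while-language, the two-point label lattice and the sample programs are assumptions of this example.

```python
# Added example, not the paper's code: Smith/Volpano-style security typing for a
# tiny while-language plus a brute-force noninterference test on constructed programs.
from itertools import product
LEVEL = {"L": 0, "H": 1}                          # "L" public, "H" secret
def join(a, b): return "H" if "H" in (a, b) else "L"
def leq(a, b): return LEVEL[a] <= LEVEL[b]

def expr_level(e, env):
    """Label of an expression: join of the labels of the variables it reads."""
    if isinstance(e, int): return "L"
    if isinstance(e, str): return env[e]
    _, l, r = e                                   # ('+' | '<', e1, e2)
    return join(expr_level(l, env), expr_level(r, env))

def check(cmd, env, pc="L"):
    """Well typed under pc iff every x := e has join(pc, level(e)) <= level(x):
    rejects explicit (secret e, public x) and implicit (secret guard) flows."""
    tag = cmd[0]
    if tag == "assign": return leq(join(pc, expr_level(cmd[2], env)), env[cmd[1]])
    if tag == "seq": return all(check(c, env, pc) for c in cmd[1:])
    if tag in ("if", "while"):                    # the guard's label raises pc
        return all(check(c, env, join(pc, expr_level(cmd[1], env))) for c in cmd[2:])

def ev(e, st):
    if isinstance(e, int): return e
    if isinstance(e, str): return st[e]
    op, l, r = e
    return ev(l, st) + ev(r, st) if op == "+" else int(ev(l, st) < ev(r, st))

def run(cmd, st, fuel=1000):                      # interpreter; loops bounded by fuel
    tag = cmd[0]
    if tag == "assign": st[cmd[1]] = ev(cmd[2], st)
    elif tag == "seq":
        for c in cmd[1:]: run(c, st, fuel)
    elif tag == "if": run(cmd[2] if ev(cmd[1], st) else cmd[3], st, fuel)
    elif tag == "while":
        while fuel > 0 and ev(cmd[1], st): fuel -= 1; run(cmd[2], st, fuel)
    return st

def noninterferent(cmd, env, values=(0, 1)):
    """Semantic check: vary only the secret inputs; public outputs must agree."""
    highs, lows = [x for x in env if env[x] == "H"], [x for x in env if env[x] == "L"]
    finals = [run(cmd, dict(zip(highs, hv), **{x: 0 for x in lows}))
              for hv in product(values, repeat=len(highs))]
    return len({tuple(st[x] for x in lows) for st in finals}) == 1

ENV = {"h": "H", "l": "L"}                        # constructed sample programs
EXPLICIT = ("assign", "l", "h")                                            # l := h
IMPLICIT = ("if", ("<", 0, "h"), ("assign", "l", 1), ("assign", "l", 0))  # if 0<h then l:=1 else l:=0
SAFE = ("seq", ("assign", "h", ("+", "h", "l")), ("assign", "l", ("+", "l", 1)))  # h:=h+l; l:=l+1
```

On these programs the static check and the semantic test agree: the two leaky programs are rejected and fail noninterference, while SAFE is accepted and passes.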

References

  1. Abadi, M. 1999. Secrecy in programming-language semantics. Electr. Notes Theor. Comput. Sci. 20, 1 (Jan.), 1--15.
  2. Abadi, M., Banerjee, A., Heintze, N., and Riecke, J. G. 1999. A core calculus of dependency. In Proceedings of the 26th Annual Symposium on Principles of Programming Languages. ACM, New York, 147--160.
  3. Abramsky, S., Honda, K., and McCusker, G. 1998. Fully abstract game semantics for general references. In Proceedings of the Conference on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA, 334--344.
  4. Abramsky, S., Jagadeesan, R., and Malacaria, P. 2000. Full abstraction for PCF. Inf. Comput. 163, 409--470.
  5. Amtoft, T., Nielson, F., and Nielson, H. R. 1999. Type and Effect Systems: Behaviours for Concurrency. Imperial College Press.
  6. Bell, D. E. and La Padula, L. 1973. Secure computer systems: Mathematical foundations. Tech. Rep. MTR-2547, Computer Laboratory, University of Cambridge, Cambridge, MA, March.
  7. Berger, M., Honda, K., and Yoshida, N. 2000. Sequentiality and the π-calculus. Full version of [Berger et al. 2001].
  8. Berger, M., Honda, K., and Yoshida, N. 2001. Sequentiality and the π-calculus. In Proceedings of TLCA'01. Lecture Notes in Computer Science, vol. 2044. Springer-Verlag, New York, 29--45.
  9. Berger, M., Honda, K., and Yoshida, N. 2005. Genericity and the π-calculus. Acta Inf. 42, 2-3, 83--141.
  10. Bodei, C., Degano, P., Nielson, F., and Nielson, H. R. 1998. Control flow analysis for the pi-calculus. In CONCUR. Lecture Notes in Computer Science, vol. 1466. Springer-Verlag, New York, 84--98.
  11. Bodei, C., Degano, P., Nielson, F., and Nielson, H. R. 1999. Static analysis of processes for no read-up and no write-down. In FoSSaCS. Lecture Notes in Computer Science, vol. 1578. Springer-Verlag, New York, 120--134.
  12. Boudol, G. 1992. Asynchrony and the pi-calculus. Tech. Rep. 1702, INRIA.
  13. Boudol, G. and Castellani, I. 2002. Noninterference for concurrent programs and thread systems. Theoret. Comput. Sci. 281, 1-2, 109--130.
  14. Damas, L. 1985. Type assignment in programming languages. Ph.D. dissertation, University of Edinburgh, Edinburgh, Scotland.
  15. Denning, D. E. and Denning, P. J. 1977. Certification of programs for secure information flow. Commun. ACM 20, 7, 504--513.
  16. Fiore, M. 1994. Axiomatic domain theory in categories of partial maps. Ph.D. dissertation, University of Edinburgh, Edinburgh, Scotland.
  17. Fiore, M. P. and Honda, K. 1998. Recursive types in games: Axiomatics and process representation. In Proceedings of the Conference on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA, 345--356.
  18. Focardi, R., Gorrieri, R., and Martinelli, F. 2000. Non interference for the analysis of cryptographic protocols. In Proceedings of the International Colloquium on Automata, Languages and Programming. Lecture Notes in Computer Science, vol. 1853. Springer-Verlag, New York, 354--372.
  19. Girard, J.-Y. 1987. Linear logic. Theoret. Comput. Sci. 50, 1--102.
  20. Heintze, N. and Riecke, J. G. 1998. The SLam calculus: Programming with secrecy and integrity. In Proceedings of the 25th Annual Symposium on Principles of Programming Languages. ACM, New York, 365--377.
  21. Hennessy, M. and Riely, J. 2000. Information flow vs. resource access in the asynchronous pi-calculus. In Proceedings of the International Colloquium on Automata, Languages and Programming. Lecture Notes in Computer Science, vol. 1853. Springer-Verlag, New York, 415--427.
  22. Honda, K. 1993. Types for dyadic interaction. In CONCUR'93. Lecture Notes in Computer Science, vol. 715. Springer-Verlag, New York, 509--523.
  23. Honda, K. 1996. Composing processes. In Proceedings of the Symposium on Principles of Programming Languages. ACM, New York, 344--357.
  24. Honda, K. and Tokoro, M. 1991. An object calculus for asynchronous communication. In Proceedings of the European Conference on Object-Oriented Programming. Lecture Notes in Computer Science, vol. 512. Springer-Verlag, New York, 133--147.
  25. Honda, K., Vasconcelos, V. T., and Kubo, M. 1998. Language primitives and type disciplines for structured communication-based programming. In Proceedings of the European Symposium on Programming. Lecture Notes in Computer Science, vol. 1381. Springer-Verlag, New York, 22--138.
  26. Honda, K., Vasconcelos, V. T., and Yoshida, N. 2000. Secure information flow as typed process behavior. In Proceedings of the European Symposium on Programming. Lecture Notes in Computer Science, vol. 1782. Springer-Verlag, New York, 180--199.
  27. Honda, K. and Yoshida, N. 1995. On reduction-based process semantics. Theoret. Comput. Sci. 151, 437--486.
  28. Honda, K. and Yoshida, N. 1999. Game-theoretic analysis of call-by-value computation. Theoret. Comput. Sci. 221, 393--456.
  29. Honda, K. and Yoshida, N. 2002. A uniform type structure for secure information flow. In Proceedings of the Symposium on Principles of Programming Languages. ACM, New York, 81--92.
  30. Honda, K. and Yoshida, N. 2003. Addendum to "Uniform type structure for secure information flow": Subject reduction with inflation. Available at http://www.doc.ic.ac.uk/~yoshida.
  31. Honda, K. and Yoshida, N. 2005. Noninterference through flow analysis. J. Funct. Program. 15, 2 (Mar.), 293--349.
  32. Honda, K., Yoshida, N., and Berger, M. 2004. Control in the π-calculus. In Proceedings of CW'04. ACM, New York.
  33. Howard, B. T. 1996. Inductive, coinductive, and pointed types. In Proceedings of ICFP'96. ACM, New York, 102--109.
  34. Hudak, P., Jones, S., and Wadler, P. 1992. The Haskell home page. http://haskell.org.
  35. Hyland, J. M. E. and Ong, C.-H. L. 1995. Pi-calculus, dialogue games and PCF. In Proceedings of FPCA. ACM Press, 96--107.
  36. Hyland, J. M. E. and Ong, C.-H. L. 2000. On full abstraction for PCF. Inf. Comput. 163, 285--408.
  37. Jones, C. B. 1983a. Specification and design of (parallel) programs. In IFIP Congress. North-Holland, Amsterdam, The Netherlands, 321--332.
  38. Jones, C. B. 1983b. Tentative steps toward a development method for interfering programs. ACM Trans. Program. Lang. Syst. 5, 4, 596--619.
  39. Kobayashi, N., Pierce, B. C., and Turner, D. N. 1999. Linearity and the pi-calculus. ACM Trans. Program. Lang. Syst. 21, 5 (Sept.), 914--947.
  40. Lampson, B. W. 1973. A note on the confinement problem. Commun. ACM 16, 10, 613--615.
  41. Leroy, X. and Weis, P. 1991. Polymorphic type inference and assignment. In POPL '91: Proceedings of the 18th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, New York, 291--302.
  42. Milner, R. 1980. A Calculus of Communicating Systems. Lecture Notes in Computer Science, vol. 92. Springer, Berlin, Germany.
  43. Milner, R. 1989. Communication and Concurrency. Prentice-Hall, Englewood Cliffs, NJ.
  44. Milner, R. 1992a. Functions as processes. Math. Struct. Comput. Sci. 2, 2, 119--141.
  45. Milner, R. 1992b. The polyadic π-calculus: A tutorial. In Proceedings of the International Summer School on Logic Algebra of Specification. Marktoberdorf.
  46. Milner, R., Parrow, J., and Walker, D. 1992. A calculus of mobile processes, Parts I and II. Inf. Comput. 100, 1, 1--77.
  47. Milner, R., Tofte, M., and Harper, R. W. 1990. The Definition of Standard ML. MIT Press, Cambridge, MA.
  48. Mitchell, J. C. 1996. Foundations for Programming Languages. MIT Press, Cambridge, MA.
  49. Moggi, E. 1991. Notions of computation and monads. Inf. Comput. 93, 1, 55--92.
  50. Myers, A. C. 1999. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th Symposium on Principles of Programming Languages. ACM, New York, 228--241.
  51. Nielson, F., Nielson, H. R., and Hankin, C. 1999. Principles of Program Analysis. Springer-Verlag, New York.
  52. Ørbæk, P. and Palsberg, J. 1997. Trust in the lambda-calculus. J. Funct. Program. 7, 6, 557--591.
  53. Palsberg, J. 2001. Type-based analysis and applications. In Proceedings of the Workshop on Program Analysis for Software Tools and Engineering. ACM, New York, 20--27.
  54. Pierce, B. and Sangiorgi, D. 1996. Typing and subtyping for mobile processes. Math. Struct. Comput. Sci. 6, 5, 409--454.
  55. Pierce, B. C. 2002. Types and Programming Languages. MIT Press, Cambridge, MA.
  56. Pottier, F. 2002. A simple view of type-secure information flow in the π-calculus. In Proceedings of CSFW. IEEE Computer Society Press, Los Alamitos, CA, 320--330.
  57. Pottier, F. and Conchon, S. 2000. Information flow inference for free. In Proceedings of ICFP'00 (Montréal, Canada). ACM, New York, 46--57.
  58. Pottier, F. and Simonet, V. 2003. Information flow inference for ML. ACM Trans. Program. Lang. Syst. 25, 1 (Jan.), 117--158.
  59. Ryan, P. Y. A. and Schneider, S. A. 1999. Process algebra and non-interference. In Proceedings of CSFW. IEEE Computer Society Press, Los Alamitos, CA, 214--227.
  60. Sabelfeld, A. and Sands, D. 1999. A PER model of secure information flow in sequential programs. In Proceedings of the European Symposium on Programming. Lecture Notes in Computer Science, vol. 1576. Springer-Verlag, New York, 40--58.
  61. Smith, G. 2001. A new type system for secure information flow. In Proceedings of CSFW. IEEE, New York.
  62. Smith, G. and Volpano, D. 1998. Secure information flow in a multi-threaded imperative language. In POPL '98: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, New York, 355--364.
  63. Talpin, J.-P. and Jouvelot, P. 1992. The type and effect discipline. In Proceedings of the Conference on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA, 162--173.
  64. Tofte, M. 1990. Type inference for polymorphic references. Inf. Comput. 89, 1--34.
  65. Tse, S. and Zdancewic, S. 2004. Translating dependency into parametricity. In Proceedings of ICFP'04. ACM, New York, 115--125.
  66. Volpano, D., Irvine, C., and Smith, G. 1996. A sound type system for secure flow analysis. J. Comput. Secur. 4, 2-3, 167--187.
  67. Wright, A. 1994. Typing references by effect inference. In Proceedings of the European Symposium on Programming. Lecture Notes in Computer Science, vol. 582. Springer-Verlag, New York, 473--491.
  68. Yoshida, N. 1996. Graph types for monadic mobile processes. In Proceedings of FSTTCS'96. Lecture Notes in Computer Science, vol. 1180. Springer-Verlag, New York, 371--386. (Full version as LFCS Technical Report ECS-LFCS-96-350, University of Edinburgh, 1996.)
  69. Yoshida, N. 2002. Type-based liveness guarantee in the presence of nontermination and nondeterminism. In PPL '03, Proceedings of the JSST Workshop on Programming and Program Languages. JSST, 32--46. MCS Technical Report 2002-20, University of Leicester. Available at www.doc.ic.ac.uk/~yoshida.
  70. Yoshida, N., Berger, M., and Honda, K. 2004. Strong normalization in the π-calculus. Inf. Comput. 191, 145--202.
  71. Yoshida, N., Honda, K., and Berger, M. 2002. Linearity and bisimulation. In Proceedings of FoSSaCS'02. Lecture Notes in Computer Science, vol. 2303. Springer-Verlag, New York, 417--433. (Full version in Journal of Logic and Algebraic Programming.)
  72. Zdancewic, S. and Myers, A. C. 2001. Secure information flow and CPS. In Proceedings of the European Symposium on Programming. Lecture Notes in Computer Science, vol. 2028. Springer-Verlag, New York, 46--62.
  73. Zdancewic, S. and Myers, A. C. 2003. Observational determinism for concurrent program security. In Proceedings of CSFW. IEEE Computer Society Press, Los Alamitos, CA, 29--45.
