Abstract
In this paper, we develop a novel notion of dependent information flow types. Dependent information flow types fit within the standard framework of dependent type theory, but, unlike usual dependent types, crucially allow the security level of a type, rather than just the structural data type itself, to depend on runtime values.
Our dependent function and dependent sum information flow types provide a direct, natural and elegant way to express and enforce fine-grained security policies on programs, including programs that manipulate structured data types in which the security level of a structure field may depend on values dynamically stored in other fields. Enforcing such policies is still considered a challenge in software systems such as data-centric web-based applications.
We base our development on the very general setting of a minimal lambda-calculus with references and collections. We illustrate its expressiveness, showing how secure operations on relevant scenarios can be modelled and analysed using our dependent information flow type system, which is also shown to be amenable to algorithmic type checking. Our main results include type-safety and non-interference theorems ensuring that well-typed programs do not violate prescribed security policies.
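The following is an added illustration, not the paper's calculus and not the DIFT prototype: a small value-indexed label lattice (constructed here as Bot, Top and a compartment U(uid)) and a record schema in which the security level of the `address` field is computed from the runtime value of the `uid` field of the same record. The schema, record values and helper names (`USER_SCHEMA`, `read_field`, `low_view`, `visible_addresses`) are assumptions of this example; it shows the dependent-label idea and a low-view check in the spirit of non-interference, not the paper's typing rules.

```python
"""Added example (not the paper's own code): dependent security labels on
record fields, where a field's label depends on another field's value."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Union


@dataclass(frozen=True)
class Bot:
    """Public: the least restrictive level."""


@dataclass(frozen=True)
class Top:
    """Most restrictive level: readable only by an observer cleared to Top."""


@dataclass(frozen=True)
class U:
    """Compartment indexed by a runtime value (here a user id)."""
    uid: int


Label = Union[Bot, Top, U]
# A schema maps each field to a function that computes the field's label
# from the runtime record, so labels may depend on other fields' values.
Schema = Dict[str, Callable[[Dict[str, Any]], Label]]


def leq(a: Label, b: Label) -> bool:
    """Constructed lattice order: Bot <= x <= Top, and U(i) <= U(j) iff i == j."""
    if isinstance(a, Bot) or isinstance(b, Top):
        return True
    if isinstance(a, U) and isinstance(b, U):
        return a.uid == b.uid
    return False  # Top <= U(i), U(i) <= Bot and U(i) <= U(j) with i != j all fail


class FlowError(Exception):
    """Raised when an observer's clearance does not dominate a field's label."""


# Constructed dependent schema: `address` is visible only in the compartment
# of the user whose id is stored in the record's own `uid` field.
USER_SCHEMA: Schema = {
    "uid": lambda r: Bot(),
    "name": lambda r: Bot(),
    "address": lambda r: U(r["uid"]),
    "password_hash": lambda r: Top(),
}


def field_label(schema: Schema, record: Dict[str, Any], field: str) -> Label:
    """Instantiate the dependent label of `field` with the record's actual values."""
    return schema[field](record)


def read_field(schema: Schema, record: Dict[str, Any], field: str, clearance: Label) -> Any:
    """Return the field value only if its (runtime-dependent) label flows to `clearance`."""
    label = field_label(schema, record, field)
    if not leq(label, clearance):
        raise FlowError(f"{field} is labelled {label}, not readable at {clearance}")
    return record[field]


def low_view(schema: Schema, record: Dict[str, Any], clearance: Label) -> Dict[str, Any]:
    """Everything an observer at `clearance` may see of the record.

    Two records that differ only in fields the observer cannot see must
    produce identical low views; that is the non-interference check below."""
    return {f: record[f] for f in schema if leq(field_label(schema, record, f), clearance)}


def visible_addresses(schema: Schema, records: List[Dict[str, Any]], clearance: Label) -> List[str]:
    """Collection traversal: project the addresses whose dependent label the viewer dominates."""
    return [r["address"] for r in records
            if leq(field_label(schema, r, "address"), clearance)]


if __name__ == "__main__":
    # Constructed sample records.
    alice = {"uid": 1, "name": "alice", "address": "1 Main St", "password_hash": "h1"}
    bob = {"uid": 2, "name": "bob", "address": "2 Oak Ave", "password_hash": "h2"}
    print(read_field(USER_SCHEMA, alice, "address", U(1)))   # alice reads her own address
    print(low_view(USER_SCHEMA, bob, U(1)))                  # alice's view of bob: uid and name only
    print(visible_addresses(USER_SCHEMA, [alice, bob], U(1)))
```

One caveat the example deliberately does not handle: the label of `address` is a function of `uid`, so a program that could overwrite `uid` would retroactively relabel `address`. A sound type system has to constrain writes to fields that other labels depend on; this example only checks reads against the labels computed from the current record.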
Dependent Information Flow Types. POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.