Abstract
Type systems designed for information-flow control commonly use a program-counter label to track the sensitivity of the context and rule out data leakage arising from effectful computation in a sensitive context. Currently, type-system designers reason about this label informally except in security proofs, where they use ad-hoc techniques. We develop a framework based on monadic semantics for effects to give semantics to program-counter labels. This framework leads to three results about program-counter labels. First, we develop a new proof technique for noninterference, the core security theorem for information-flow control in effectful languages. Second, we unify notions of security for different types of effects, including state, exceptions, and nontermination. Finally, we formalize the folklore that program-counter labels are a lower bound on effects. We show that, while not universally true, this folklore has a good semantic foundation.
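As an added illustration (not code from the paper or its authors), the following toy checker models the two points the abstract makes about program-counter labels: an effect performed in a sensitive context must not touch less-sensitive state, and, in a language whose only effect is assignment, the pc label really is a lower bound on the labels of the effects performed. It uses Volpano-Smith style rules over the two-point lattice L below H rather than the paper's monadic framework, and the variable names, labeling and sample programs are constructed; the abstract notes that the lower-bound folklore fails for some other effect types, which this state-only model does not exhibit.

```python
from dataclasses import dataclass

L, H = 0, 1   # two-point lattice: L (public) below H (secret); join is max
@dataclass
class Var: name: str
@dataclass
class Const: value: int
@dataclass
class Assign: var: str; expr: object          # effect: writes a variable
@dataclass
class If: cond: object; then: object; els: object

def label_of(e, gamma):
    """Label of an expression: the variable's label, or L for a constant."""
    return gamma[e.name] if isinstance(e, Var) else L

def check(s, pc, gamma):
    """Type-check s under program-counter label pc (Volpano-Smith style rules)."""
    if isinstance(s, Assign):
        # an effect performed in context pc may only write variables at or above pc
        return max(pc, label_of(s.expr, gamma)) <= gamma[s.var]
    pc2 = max(pc, label_of(s.cond, gamma))  # branching on data raises the context label
    return check(s.then, pc2, gamma) and check(s.els, pc2, gamma)

def min_effect_label(s, gamma):
    """Least label of any variable s writes; the folklore says pc is below it."""
    if isinstance(s, Assign):
        return gamma[s.var]
    return min(min_effect_label(s.then, gamma), min_effect_label(s.els, gamma))

def run(s, store):
    """Reference interpreter; returns the final store without mutating the input."""
    ev = lambda e: store[e.name] if isinstance(e, Var) else e.value
    if isinstance(s, Assign):
        return {**store, s.var: ev(s.expr)}
    return run(s.then if ev(s.cond) else s.els, store)

def low_equivalent_outputs(s, gamma, store1, store2):
    """Noninterference probe: two runs agreeing on L inputs must agree on L outputs."""
    out1, out2 = run(s, store1), run(s, store2)
    return all(out1[x] == out2[x] for x in gamma if gamma[x] == L)

GAMMA = {"secret": H, "pub": L, "sink": H}   # constructed sample labeling
# implicit flow: branching on `secret` puts pc at H, then writes the L variable `pub`
LEAKY = If(Var("secret"), Assign("pub", Const(1)), Assign("pub", Const(0)))
# same branch shape, but every effect lands in an H variable, so pc <= effect label
SAFE = If(Var("secret"), Assign("sink", Const(1)), Assign("sink", Var("pub")))
```

Running `LEAKY` on two stores that differ only in `secret` produces different public output, which is exactly what `check` rejects under any pc; `SAFE` passes the check and `min_effect_label` confirms every effect sits at or above the branch's pc label.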
Giving semantics to program-counter labels via secure effects