research-article
Open Access

Giving semantics to program-counter labels via secure effects

Published: 04 January 2021

Abstract

Type systems designed for information-flow control commonly use a program-counter label to track the sensitivity of the context and rule out data leakage arising from effectful computation in a sensitive context. Currently, type-system designers reason about this label informally except in security proofs, where they use ad-hoc techniques. We develop a framework based on monadic semantics for effects to give semantics to program-counter labels. This framework leads to three results about program-counter labels. First, we develop a new proof technique for noninterference, the core security theorem for information-flow control in effectful languages. Second, we unify notions of security for different types of effects, including state, exceptions, and nontermination. Finally, we formalize the folklore that program-counter labels are a lower bound on effects. We show that, while not universally true, this folklore has a good semantic foundation.
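The abstract describes the program-counter label as the device that stops effectful code in a secret-dependent context from leaking, and mentions the folklore that the pc label is a lower bound on the effects a program performs. The following is an added example written for this page, not the paper's own formalism or code: a pc-label type checker for a tiny while-language over the two-point lattice L ⊑ H, a function that collects each write together with the pc under which it happens (so the "lower bound on effects" reading can be checked directly), and an interpreter used to observe noninterference concretely on two inputs that agree on public data. The program encoding, the function names and the sample programs are all constructed here.

```python
# Added example for this page (not the paper's formalism): a pc-label type
# checker and interpreter for a tiny while-language over the two-point
# lattice L ⊑ H.  Programs are nested tuples; every name here is constructed.
from typing import Dict, Set, Tuple
L, H = "L", "H"  # L = public, H = secret; L flows to H but not vice versa

def join(a: str, b: str) -> str:
    return H if H in (a, b) else L

def flows_to(a: str, b: str) -> bool:
    return a == L or b == H

# Expressions: ("const", n) | ("var", x) | (op, e1, e2), op in {"+", "-", ">"}
def expr_label(e: tuple, env: Dict[str, str]) -> str:
    if e[0] == "const":
        return L
    if e[0] == "var":
        return env[e[1]]
    return join(expr_label(e[1], env), expr_label(e[2], env))

# Statements: ("skip",) | ("assign", x, e) | ("seq", s1, ...) | ("if", c, s1, s2) | ("while", c, body)
def check(s: tuple, env: Dict[str, str], pc: str = L) -> bool:
    """Static check.  pc is the label of the control context: a guard that
    mentions a secret raises pc to H for the guarded code, and an assignment
    is accepted only if pc ⊔ label(rhs) ⊑ label(lhs)."""
    kind = s[0]
    if kind == "skip":
        return True
    if kind == "assign":
        return flows_to(join(pc, expr_label(s[2], env)), env[s[1]])
    if kind == "seq":
        return all(check(t, env, pc) for t in s[1:])
    if kind in ("if", "while"):
        pc_inner = join(pc, expr_label(s[1], env))
        return all(check(t, env, pc_inner) for t in s[2:])
    raise ValueError(f"unknown statement kind {kind!r}")

def write_effects(s: tuple, env: Dict[str, str], pc: str = L) -> Set[Tuple[str, str]]:
    """(variable written, pc at the write) for every assignment in s."""
    kind = s[0]
    if kind == "skip":
        return set()
    if kind == "assign":
        return {(s[1], pc)}
    if kind == "seq":
        return set().union(*(write_effects(t, env, pc) for t in s[1:]))
    pc_inner = join(pc, expr_label(s[1], env))
    return set().union(*(write_effects(t, env, pc_inner) for t in s[2:]))

def pc_lower_bounds_effects(s: tuple, env: Dict[str, str]) -> bool:
    """The folklore property: the pc at each write flows to the written label."""
    return all(flows_to(pc, env[x]) for x, pc in write_effects(s, env))

def eval_expr(e: tuple, store: Dict[str, int]) -> int:
    if e[0] == "const":
        return e[1]
    if e[0] == "var":
        return store[e[1]]
    a, b = eval_expr(e[1], store), eval_expr(e[2], store)
    return {"+": a + b, "-": a - b, ">": int(a > b)}[e[0]]

def run(s: tuple, store: Dict[str, int], fuel: int = 10_000) -> Dict[str, int]:
    """Interpreter; `fuel` bounds loop iterations so a divergent loop (the
    termination channel, which this checker ignores) cannot hang the demo."""
    store = dict(store)
    kind = s[0]
    if kind == "assign":
        store[s[1]] = eval_expr(s[2], store)
    elif kind == "seq":
        for t in s[1:]:
            store = run(t, store, fuel)
    elif kind == "if":
        store = run(s[2] if eval_expr(s[1], store) else s[3], store, fuel)
    elif kind == "while":
        while eval_expr(s[1], store) and fuel > 0:
            store, fuel = run(s[2], store, fuel), fuel - 1
    return store

def low_view(store: Dict[str, int], env: Dict[str, str]) -> Dict[str, int]:
    return {x: v for x, v in store.items() if env[x] == L}

def noninterferes(s: tuple, env, store1, store2) -> bool:
    """Concrete noninterference test: two inputs agreeing on L variables must
    give outputs agreeing on L variables."""
    assert low_view(store1, env) == low_view(store2, env)
    return low_view(run(s, store1), env) == low_view(run(s, store2), env)

# Constructed sample programs and inputs.
ENV = {"secret": H, "tmp": H, "pub": L}
GUARD = (">", ("var", "secret"), ("const", 0))
LEAKY = ("if", GUARD, ("assign", "pub", ("const", 1)),    # implicit flow:
                      ("assign", "pub", ("const", 0)))    # pub written under pc = H
SAFE = ("seq",
        ("if", GUARD, ("assign", "tmp", ("const", 1)),    # same branch, H target
                      ("assign", "tmp", ("const", 0))),
        ("assign", "pub", ("+", ("var", "pub"), ("const", 1))))  # at pc = L
IN_POS = {"secret": 5, "tmp": 0, "pub": 0}
IN_NEG = {"secret": -5, "tmp": 0, "pub": 0}
```

`check(LEAKY, ENV)` is rejected because the write to `pub` happens with `pc = H`, and `noninterferes(LEAKY, ENV, IN_POS, IN_NEG)` shows the corresponding observable leak: the public output differs on two inputs that agree on public data. `SAFE` has the same branch structure but writes only an H variable under the secret guard, so it typechecks and its public outputs agree. `write_effects` makes the folklore reading explicit: for every program `check` accepts, each write's pc flows to the written variable's label. The checker is termination-insensitive, so a loop whose guard depends on a secret typechecks even when its termination leaks; the abstract lists nontermination among the effects whose security notions the paper unifies, which is exactly the gap this toy ignores.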
