Flow locks: Towards a core calculus for dynamic flow policies
Paper in proceedings, 2006

Security is rarely a static notion. What is considered to be confidential or untrusted data varies over time according to changing events and states. The static verification of secure information flow has been a popular theme in recent programming language research, but the information flow policies considered are based on multilevel security, which presents a static view of security levels. In this paper we introduce a very simple mechanism for specifying dynamic information flow policies, flow locks, which specify the conditions under which data may be read by a certain actor. The interface between the policy and the code is via instructions which open and close flow locks. We present a type and effect system for an ML-like language with references which permits the completely static verification of flow lock policies, and prove that the system satisfies a semantic security property generalising noninterference. We show that this simple mechanism can represent a number of recently proposed information flow paradigms for declassification.
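The following is an added illustration, not code from the paper: it models the flow-lock idea as a small dynamic monitor rather than the paper's static type and effect system. The policy notation (a policy is a set of clauses "actor may read once these locks are open"), the flow rule, the lock names `Paid` and `Audit`, and the paywall scenario are my own modelling assumptions chosen to show how open/close instructions change which assignments are permitted.

```python
"""Toy dynamic monitor for flow-lock policies.

Illustrative model, not the paper's calculus.  Modelling assumptions:
  * A policy is a set of clauses (guards, actor): `actor` may read the data
    once every lock in `guards` is open.  An empty guard set means "always".
  * A flow from location `src` to `dst` is allowed, under the currently open
    locks, only if every reader that `dst` admits is already admitted by
    `src` under conditions no stronger than `dst`'s, once open locks are
    discounted.  Locks that are open act as satisfied conditions.
"""
from typing import FrozenSet, Set, Tuple

Clause = Tuple[FrozenSet[str], str]   # (locks that must be open, actor)
Policy = FrozenSet[Clause]


def clause(actor: str, *locks: str) -> Clause:
    return (frozenset(locks), actor)


def policy(*clauses: Clause) -> Policy:
    return frozenset(clauses)


def may_flow(src: Policy, dst: Policy, open_locks: Set[str]) -> bool:
    """True iff `dst` is at least as restrictive as `src` given `open_locks`.

    Every clause (g_d => a) of dst needs some clause (g_s => a) of src such
    that the locks src still requires for `a` (g_s minus the open locks) are
    all also required by dst.  An actor dst admits but src never mentions
    makes the flow illegal no matter which locks are open.
    """
    for g_d, actor in dst:
        if not any(a == actor and (g_s - open_locks) <= g_d for g_s, a in src):
            return False
    return True


class FlowViolation(Exception):
    pass


class FlowLockMonitor:
    """Executes assignments and open/close instructions, rejecting bad flows."""

    def __init__(self, policies: dict):
        self.policies = dict(policies)
        self.open_locks: Set[str] = set()
        self.store = {name: None for name in policies}

    def open(self, lock: str) -> None:
        self.open_locks.add(lock)

    def close(self, lock: str) -> None:
        self.open_locks.discard(lock)

    def assign(self, dst: str, src: str) -> None:
        if not may_flow(self.policies[src], self.policies[dst], self.open_locks):
            raise FlowViolation(f"{src} -> {dst} with open locks {sorted(self.open_locks)}")
        self.store[dst] = self.store[src]


def paywall_scenario() -> dict:
    """Constructed example: `article` may reach bob only while lock Paid is open."""
    m = FlowLockMonitor({
        "article":  policy(clause("alice"), clause("bob", "Paid")),
        "bob_view": policy(clause("bob")),
        "log":      policy(clause("alice"), clause("bob", "Paid", "Audit")),
    })
    m.store["article"] = "secret text"
    results = {}

    def attempt(tag: str, dst: str, src: str) -> None:
        try:
            m.assign(dst, src)
            results[tag] = "allowed"
        except FlowViolation:
            results[tag] = "rejected"

    attempt("before_payment", "bob_view", "article")  # Paid closed: rejected
    attempt("to_log_unpaid", "log", "article")        # log is more restrictive for bob: allowed
    m.open("Paid")
    attempt("after_payment", "bob_view", "article")   # Paid open: allowed
    m.close("Paid")
    attempt("after_close", "bob_view", "article")     # Paid closed again: rejected
    return results
```

Because the check discounts only locks that are currently open, a lock that is closed still counts as a real condition, so data tagged "bob once Paid" cannot leak to a bob-readable location before payment; conversely, an actor that the source policy never names is rejected regardless of lock state, which is the sense in which the mechanism generalises rather than abandons noninterference.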

Author

N. Broberg

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Lecture Notes in Computer Science

Vol. 3924 180-196

Subject Categories

Computer and Information Science

DOI

10.1007/11693024_13

ISSN

0302-9743

ISBN

3-540-33095-X

Created

10/8/2017