From Fine- to Coarse-Grained Dynamic Information Flow Control and Back
Paper in proceedings, 2019

We show that fine-grained and coarse-grained dynamic information-flow control (IFC) systems are equally expressive. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other, via our verified translation. This result addresses a longstanding open problem in IFC: whether coarse-grained dynamic IFC techniques are less expressive than fine-grained dynamic IFC techniques (they are not!). The translations also stand to have important implications for the usability of IFC approaches. The coarse- to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine- to coarse-grained translation shows that coarse-grained systems (which are easier to design and implement) can track information as precisely as fine-grained systems, and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems.

Information-flow control

verified source-to-source transformations

Agda

Authors

Marco Vassena

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Vineet Rajani

Max Planck Institute for Software Systems

Deepak Garg

Max Planck Institute for Software Systems

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Deian Stefan

University of California at San Diego (UCSD)

46th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 2019, Cascais, Portugal

Subject Categories

Computer Science

DOI

10.1145/3290389

More information

Created

1/23/2019