Verifying Information Flow Control Libraries
Doctoral thesis, 2019

Information Flow Control (IFC) is a principled approach to protecting the confidentiality and integrity of data in software systems. Intuitively, IFC systems associate data with security labels that track and restrict flows of information throughout a program in order to enforce security. Most IFC techniques require developers to use specific programming languages and tools that require substantial efforts to develop or to adopt. To avoid redundant work and lower the threshold for adopting secure languages, IFC has been embedded in general-purpose languages through software libraries that promote security-by-construction with their API.

This thesis makes several contributions to state-of-the-art static (MAC) and dynamic IFC libraries (LIO) in three areas: expressive power, theoretical IFC foundations and protection against covert channels. Firstly, the thesis gives a functor algebraic structure to sensitive data, so that it can be processed through classic functional programming patterns that do not incur security checks. Then, it establishes the formal security guarantees of MAC, using the standard proof technique of term erasure, enriched with two-steps erasure, a novel idea that simplifies reasoning about advanced programming features, such as exceptions, mutable references and concurrency. Secondly, the thesis demonstrates that the lightweight, but coarse-grained, enforcement of dynamic IFC libraries (e.g., LIO) can be as precise and permissive as the fine-grained, but heavyweight, approach of fully-fledged IFC languages. Lastly, the thesis contributes to the design of secure runtime systems that protect IFC libraries, and IFC languages as well, against internal- and external-timing covert channels that leak information through certain runtime system resources and features, such as lazy evaluation and parallelism.

The results of this thesis are supported with extensive machine-checked proof scripts, consisting of 12,000 lines of code developed in the Agda proof assistant.

HB1, Lecture Hall, Hörsalsvägen 8, Hörsalar HB
Opponent: David Pichardie, ENS Rennes, France


Marco Vassena

Chalmers, Computer Science and Engineering (Chalmers), Information Security

From Fine- to Coarse-Grained Dynamic Information Flow Control and Back

Proceedings of the ACM on Programming Languages, Vol. 3 (2019), p. 1-31

Journal article

Foundations for Parallel Information Flow Control Runtime Systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 11426 LNCS (2019), p. 1-28

Paper in proceeding

MAC A verified static information-flow control library

Journal of Logical and Algebraic Methods in Programming, Vol. 95 (2018), p. 148-180

Journal article

Securing Concurrent Lazy Programs Against Information Leakage

Proceedings - IEEE Computer Security Foundations Symposium (2017), p. 37-52

Paper in proceeding

Flexible manipulation of labeled values for information-flow control libraries

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 9878 LNCS (2016), p. 538-557

Paper in proceeding

On formalizing information-flow control libraries

11th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, PLAS 2016, Vienna, Austria, 24 October 2016 (2016), p. 15-28

Paper in proceeding

Every day, billions of people entrust apps with personal data (e.g., credit card number, phone number, GPS location) for work and leisure. Sometimes, these apps break the privacy of their users, by mistake, e.g., due to a software bug, or intentionally, for profit. In response to these threats, researchers have proposed information-flow control security mechanisms that confine data in software systems. However, these techniques are not widely used: they require substantial efforts to develop and to adopt. To reduce those efforts, information-flow control techniques have been embedded in software libraries that allow developers to build secure-by-construction software. This thesis (i) demonstrates that these libraries can enforce security as effectively as fully-fledged techniques, (ii) establishes the formal security guarantees of state-of-the-art information-flow control libraries with computer-verified mathematical proofs, and (iii) presents countermeasures against assiduous attackers that leak information through the software runtime system.

Subject Categories

Computer Science



Technical report - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 170D

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4548




Latest update: 2/6/2019