On the Foundations of Information-Flow Control and Effects
Doctoral thesis, 2024
There is no doubt that society depends crucially on software systems. Correct software is therefore a pressing matter. An important aspect of software correctness is security: for example, a banking application is secure, if at least it does not send your credit card number to an unauthorised third party. It is well-known that software is riddled with bugs. Some are introduced by human mistakes; some by deficiencies of the programming languages at use. Security vulnerabilities arising from both kinds of bugs appear time and again, affecting the security needs of millions of users. It thus becomes imperative to design programming languages that help programmers avoid bugs. Developers must demand assurances that secure programming languages indeed produce secure software. This warrants mathematical justification in the form of proof. To increase reusability, these proofs would ideally be carried out in a framework that is modular on the features of the programming language.
Language-based security investigates the security aspects of software, such as confidentiality or integrity, from the perspective of programming language theory. One approach to information-flow control (IFC) studies the design of programming languages in which programs are secure-by-construction. In this approach, types guide the development of programs, and the type system ensures that well-typed programs are secure. Practical programs feature effects such as nontermination or printing. Type systems for IFC need therefore to take these into account to guarantee security. Establishing the correctness of IFC type-systems for effectful languages is a complex matter, which often relies on ad hoc methods that depend on the concrete kinds of effects.
In this thesis, we describe a novel theory of information flow with effects. In our framework the correctness of IFC type-systems can be proved modularly with respect to the kind of effects. This theory builds upon existing models of information flow and models of effects, and thus, is readily applicable. Independently, this thesis makes two additional contributions. First, we show how to extend concurrent IFC languages with asynchronous exceptions, which, e.g., enable secure interthread communication. Second, we present a new technique for proving correctness of IFC type systems based on normalization. As a byproduct of independent interest, we present novel normalization results for the family of so-called Fitch-style modal calculi.
Language-based security investigates the security aspects of software, such as confidentiality or integrity, from the perspective of programming language theory. One approach to information-flow control (IFC) studies the design of programming languages in which programs are secure-by-construction. In this approach, types guide the development of programs, and the type system ensures that well-typed programs are secure. Practical programs feature effects such as nontermination or printing. Type systems for IFC need therefore to take these into account to guarantee security. Establishing the correctness of IFC type-systems for effectful languages is a complex matter, which often relies on ad hoc methods that depend on the concrete kinds of effects.
In this thesis, we describe a novel theory of information flow with effects. In our framework the correctness of IFC type-systems can be proved modularly with respect to the kind of effects. This theory builds upon existing models of information flow and models of effects, and thus, is readily applicable. Independently, this thesis makes two additional contributions. First, we show how to extend concurrent IFC languages with asynchronous exceptions, which, e.g., enable secure interthread communication. Second, we present a new technique for proving correctness of IFC type systems based on normalization. As a byproduct of independent interest, we present novel normalization results for the family of so-called Fitch-style modal calculi.
security
programming languages
information-flow control
Lecture hall ED, EDIT building Rännvägen 6B, Chalmers
Opponent: Professor Amal Ahmed, Northeastern University, Boston, U.S.A
Author
Carlos Tomé Cortiñas
Chalmers, Computer Science and Engineering (Chalmers), Information Security
Securing Asynchronous Exceptions
Proceedings - IEEE Computer Security Foundations Symposium,; Vol. 2020-June(2020)p. 214-229
Paper in proceeding
Simple Noninterference by Normalization
Proceedings of the ACM Conference on Computer and Communications Security,; (2019)p. 61-72
Paper in proceeding
Normalization for Fitch-Style Modal Calculi
PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL,; Vol. 6(2022)
Journal article
WebSec: Securing Web-driven Systems
Swedish Foundation for Strategic Research (SSF) (RIT17-0011), 2018-03-01 -- 2023-02-28.
Subject Categories
Computer Science
ISBN
978-91-8103-022-8
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5480
Publisher
Chalmers
Lecture hall ED, EDIT building Rännvägen 6B, Chalmers
Opponent: Professor Amal Ahmed, Northeastern University, Boston, U.S.A