On the Foundations of Information-Flow Control and Effects
Doctoral thesis, 2024
Language-based security investigates the security aspects of software, such as confidentiality or integrity, from the perspective of programming language theory. One approach to information-flow control (IFC) studies the design of programming languages in which programs are secure by construction. In this approach, types guide the development of programs, and the type system ensures that well-typed programs are secure. Practical programs feature effects such as nontermination or printing, so IFC type systems need to take these effects into account to guarantee security. Establishing the correctness of IFC type systems for effectful languages is a complex matter, and it often relies on ad hoc methods that depend on the concrete kind of effect.
In this thesis, we describe a novel theory of information flow with effects. In our framework, the correctness of IFC type systems can be proved modularly with respect to the kind of effect. This theory builds upon existing models of information flow and models of effects, and is thus readily applicable. Independently, this thesis makes two additional contributions. First, we show how to extend concurrent IFC languages with asynchronous exceptions, which enable, for example, secure inter-thread communication. Second, we present a new technique for proving the correctness of IFC type systems based on normalization. As a byproduct of independent interest, we present novel normalization results for the family of so-called Fitch-style modal calculi.
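The following is an added illustration of the point the abstract makes about effects; it is not code from the thesis or its author, and the two-label language, the checker and the sample programs are this example's own constructions (the thesis's calculi are richer, and its proofs are not reproduced here). A pure expression that merely computes with a secret is harmless, but once the language has a printing effect the checker must track both the label of the printed data and the label of the control-flow context (`pc`), otherwise a well-typed program could print a secret explicitly or implicitly. The evaluator is included so that the rejected programs can be run on two stores that differ only in the secret, showing that their public output really does differ.

```python
"""Toy IFC type checker for an expression language with one effect (printing
to a public channel).  Constructed example; not the thesis's calculus."""

LOW, HIGH = "L", "H"          # two-point security lattice, L is below H


def join(a, b):
    return HIGH if HIGH in (a, b) else LOW


class InsecureFlow(Exception):
    """Raised when the checker rejects a program."""


# Expressions are nested tuples:
#   ("lit", n)          integer literal, labelled LOW
#   ("var", x)          variable; label taken from the typing environment
#   ("add", e1, e2)     arithmetic; label is the join of both operands
#   ("if", c, e1, e2)   conditional; raises the pc label inside both branches
#   ("print", e)        effect: write e to the public channel
#   ("seq", e1, e2)     evaluate e1 for its effect, then e2


def typeof(expr, env, pc=LOW):
    """Return the security label of expr or raise InsecureFlow.
    pc is the label of the enclosing control-flow context (implicit flows)."""
    tag = expr[0]
    if tag == "lit":
        return LOW
    if tag == "var":
        return env[expr[1]]
    if tag == "add":
        return join(typeof(expr[1], env, pc), typeof(expr[2], env, pc))
    if tag == "if":
        lc = typeof(expr[1], env, pc)
        pc2 = join(pc, lc)                      # branches run under a raised pc
        return join(lc, join(typeof(expr[2], env, pc2), typeof(expr[3], env, pc2)))
    if tag == "print":
        le = typeof(expr[1], env, pc)
        if join(le, pc) != LOW:                 # the effect is publicly observable
            raise InsecureFlow(f"print of {le}-labelled data under pc {pc}")
        return LOW
    if tag == "seq":
        typeof(expr[1], env, pc)
        return typeof(expr[2], env, pc)
    raise ValueError(f"unknown form {tag}")


def run(expr, store, out):
    """Evaluate expr, appending printed values to out; return the value."""
    tag = expr[0]
    if tag == "lit":
        return expr[1]
    if tag == "var":
        return store[expr[1]]
    if tag == "add":
        return run(expr[1], store, out) + run(expr[2], store, out)
    if tag == "if":
        branch = expr[2] if run(expr[1], store, out) != 0 else expr[3]
        return run(branch, store, out)
    if tag == "print":
        out.append(run(expr[1], store, out))
        return 0
    if tag == "seq":
        run(expr[1], store, out)
        return run(expr[2], store, out)
    raise ValueError(f"unknown form {tag}")


def public_outputs(expr, store):
    out = []
    run(expr, store, out)
    return out


def noninterferent(expr, store1, store2):
    """One-pair check of the semantic property: stores that agree on public
    variables (by construction) must produce the same public output."""
    return public_outputs(expr, store1) == public_outputs(expr, store2)


def accepted(expr, env):
    try:
        typeof(expr, env)
        return True
    except InsecureFlow:
        return False


ENV = {"pub": LOW, "secret": HIGH}
# Constructed stores: same public value, different secret.
STORE_A = {"pub": 3, "secret": 0}
STORE_B = {"pub": 3, "secret": 7}

# Pure computation over the secret: accepted, produces no output.
PURE = ("add", ("var", "secret"), ("var", "pub"))
# Explicit flow through the effect: rejected by the data label.
EXPLICIT = ("print", ("add", ("var", "secret"), ("lit", 1)))
# Implicit flow: public data printed under a secret branch, rejected by pc.
IMPLICIT = ("if", ("var", "secret"), ("print", ("lit", 1)), ("print", ("lit", 0)))
# Secure effectful program: the print happens outside any secret branch.
SECURE = ("seq", ("print", ("add", ("var", "pub"), ("lit", 1))),
          ("if", ("var", "secret"), ("lit", 1), ("lit", 0)))

if __name__ == "__main__":
    for name, prog in [("PURE", PURE), ("EXPLICIT", EXPLICIT),
                       ("IMPLICIT", IMPLICIT), ("SECURE", SECURE)]:
        print(name, "accepted" if accepted(prog, ENV) else "rejected",
              "/ outputs agree" if noninterferent(prog, STORE_A, STORE_B)
              else "/ outputs differ")
```

Running the block prints one line per program; the two rejected programs are exactly the two whose public output depends on the secret, while the accepted ones produce identical output on both stores. Dropping the `pc` argument from the `print` case would make the checker accept `IMPLICIT`, which is the kind of effect-specific reasoning the abstract refers to.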
security
programming languages
information-flow control
Author
Carlos Tomé Cortiñas
Chalmers, Computer Science and Engineering (Chalmers), Information Security
Securing Asynchronous Exceptions
Proceedings - IEEE Computer Security Foundations Symposium, Vol. 2020-June (2020), p. 214-229
Paper in proceeding
Simple Noninterference by Normalization
Proceedings of the ACM Conference on Computer and Communications Security (2019), p. 61-72
Paper in proceeding
Normalization for Fitch-Style Modal Calculi
Proceedings of the ACM on Programming Languages (PACMPL), Vol. 6 (2022)
Journal article
WebSec: Securing Web-driven Systems
Swedish Foundation for Strategic Research (SSF) (RIT17-0011), 2018-03-01 -- 2023-02-28.
Subject Categories
Computer Science
ISBN
978-91-8103-022-8
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5480
Publisher
Chalmers
Lecture hall ED, EDIT building, Rännvägen 6B, Chalmers
Opponent: Professor Amal Ahmed, Northeastern University, Boston, U.S.A.