A Principled Approach to Tracking Information Flow in the Presence of Libraries
Paper in proceedings, 2017

There has been encouraging progress on information flow control for programs in increasingly complex programming languages, tracking the propagation of information from input sources to output sinks. Yet, programs are typically deployed in an environment with rich APIs and powerful libraries, posing challenges for information flow control when the code for these APIs and libraries is either unavailable or written in a different language. This paper presents a principled approach to tracking information flow in the presence of libraries. With the goal to strike the balance between security and precision, we present a framework that explores the middle ground between the “shallow”, signature-based modeling of libraries and the “deep”, stateful approach, where library models need to be supplied manually. We formalize our approach for a core language, extend it with lists and higher-order functions, and establish soundness results with respect to the security condition of noninterference.

information flow

language-based security

noninterference

Author

Daniel Hedin

Information Security

Alexander Sjösten

Information Security

Frank Piessens

KU Leuven

Andrei Sabelfeld

Information Security

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 10204 49-70

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

DOI

10.1007/978-3-662-54455-6_3

ISBN

978-3-662-54454-9

More information

Latest update

5/29/2018