Tracking Information Flows in Interactive and Object-Oriented Programs
This thesis improves the current state of the art in information-flow control for interactive programs and for object-oriented programs. Given a policy that specifies which information flows are permitted in a program, the objective is to ensure that only flows satisfying the policy can occur. The challenge is to develop a sane policy and an automated, permissive enforcement mechanism for that policy.
For object-oriented programs, we present a static, flow-sensitive type system for tracking flows through lazy static class initializations with persistent failures, a construct found in languages such as Java and C# that tools such as Jif leave untreated. We show how a class's initialization status can be used as a covert channel for moving 1 bit of information, and show that the type system enforces a termination-insensitive notion of noninterference.
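The following Java program is an added illustration of the initialization-status channel described above; it is not code from the thesis. The names `InitChannel`, `Probe`, `highTrigger` and `lowObserve` are hypothetical, and the secret is a constructed sample value.

```java
// Added illustration: a failed lazy class initialization persists, so a
// later observer can learn one bit without ever reading the secret.
public class InitChannel {
    // High (secret) input. Constructed sample value.
    static boolean secret = true;

    // Probe's static initializer fails exactly when the secret is true.
    static class Probe {
        static int value = 0; // not a compile-time constant: access triggers init
        static {
            if (secret) {
                throw new IllegalStateException("initialization failed");
            }
        }
    }

    // High context: forces lazy initialization of Probe and swallows the
    // failure, so nothing is observable at this point in the program.
    static void highTrigger() {
        try {
            int ignored = Probe.value;
        } catch (ExceptionInInitializerError e) {
            // The class is now permanently marked as erroneous by the JVM.
        }
    }

    // Low context: contains no reference to `secret`. If initialization
    // failed earlier, every later use of Probe throws NoClassDefFoundError.
    static boolean lowObserve() {
        try {
            int ignored = Probe.value;
            return false; // Probe initialized normally: secret was false
        } catch (NoClassDefFoundError e) {
            return true;  // persistent failure: secret was true
        }
    }

    public static void main(String[] args) {
        highTrigger();
        System.out.println("low observer learned secret = " + lowObserve());
    }
}
```

A type system that treats the initialization status of `Probe` as carrying the security level of `secret` would reject `lowObserve`, since its low result depends on that status.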