Information Flow Tracking for Side-Effectful Libraries
Paper i proceeding, 2018
Dynamic information flow control is a promising technique for ensuring
confidentiality and integrity of applications that manipulate sensitive
information. While much progress has been made on increasingly powerful
programming languages ranging from low-level machine languages to high-level
languages for distributed systems, surprisingly little attention has been
devoted to libraries and APIs. The state of the art is largely an
all-or-nothing choice: either a shallow or deep library
modeling approach. Seeking to break out of this restrictive choice, we
formalize a general mechanism that tracks information flow for a language
that includes higher-order functions, structured data types and references.
A key feature of our approach is the model heap, a part of the
memory, where security information is kept to enable the interaction between
the labeled program and the unlabeled library. We provide a
proof-of-concept implementation and report on experiments with a file system
library. The system has been proved correct using Coq.
confidentiality and integrity of applications that manipulate sensitive
information. While much progress has been made on increasingly powerful
programming languages ranging from low-level machine languages to high-level
languages for distributed systems, surprisingly little attention has been
devoted to libraries and APIs. The state of the art is largely an
all-or-nothing choice: either a shallow or deep library
modeling approach. Seeking to break out of this restrictive choice, we
formalize a general mechanism that tracks information flow for a language
that includes higher-order functions, structured data types and references.
A key feature of our approach is the model heap, a part of the
memory, where security information is kept to enable the interaction between
the labeled program and the unlabeled library. We provide a
proof-of-concept implementation and report on experiments with a file system
library. The system has been proved correct using Coq.
Side-effectful Libraries
Language-Based Security
Information Flow Control
Författare
Alexander Sjösten
Chalmers, Data- och informationsteknik, Informationssäkerhet
Daniel Hedin
Chalmers, Data- och informationsteknik, Informationssäkerhet
Andrei Sabelfeld
Chalmers, Data- och informationsteknik, Informationssäkerhet
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 10854 LNCS 141-160978-3-319-92611-7 (ISBN)
38th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE 2018
Madrid, Spain,
Madrid, Spain,
Styrkeområden
Informations- och kommunikationsteknik
Ämneskategorier
Data- och informationsvetenskap
DOI
10.1007/978-3-319-92612-4_8