From Fine- to Coarse-Grained Dynamic Information Flow Control and Back
Paper in proceedings, 2019

We show that fine-grained and coarse-grained dynamic information-flow control (IFC) systems are equally expressive. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other, via our verified translation. This result addresses a longstanding open problem in IFC: whether coarse-grained dynamic IFC techniques are less expressive than fine-grained dynamic IFC techniques (they are not!). The translations also stand to have important implications for the usability of IFC approaches. The coarse- to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine- to coarse-grained translation shows that coarse-grained systems (which are easier to design and implement) can track information as precisely as fine-grained systems and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems.
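The following is an added illustration, not code from the paper or its Agda mechanization. It models the two styles of dynamic IFC the abstract contrasts on a two-point lattice (L ⊑ H): a fine-grained system where every value carries its own label, and a coarse-grained system where a single floating label (the `pc`) is raised whenever a labeled value is inspected. The names `FG`, `CG`, `Labeled`, `to_labeled`, `unlabel` and `output` are this example's own; `to_labeled` is modelled on the LIO-style construct that runs a sub-computation, boxes its result at a given label and restores the `pc` afterwards. The example shows the label creep that makes a naive coarse-grained program reject a harmless public output once a secret has been touched, and how wrapping the secret computation in `to_labeled` restores fine-grained precision, which is the kind of mechanism a fine- to coarse-grained translation can rely on. Both models reject the genuine leak.

```python
# Added illustration (not the paper's formalization): two-point lattice L ⊑ H
# and toy models of fine-grained and coarse-grained dynamic IFC.
from dataclasses import dataclass
from typing import Callable, Tuple

LOW, HIGH = "L", "H"


class IFCViolation(Exception):
    """Raised when a flow from a higher to a lower label is attempted."""


def lub(a: str, b: str) -> str:
    return HIGH if HIGH in (a, b) else LOW


def flows(a: str, b: str) -> bool:
    return a == LOW or b == HIGH


# ---- Fine-grained: every value carries its own label ------------------
@dataclass(frozen=True)
class FG:
    val: int
    lab: str


def fg_add(x: FG, y: FG) -> FG:
    # the result is tainted by its operands and by nothing else
    return FG(x.val + y.val, lub(x.lab, y.lab))


def fg_output(chan: str, x: FG) -> int:
    if not flows(x.lab, chan):
        raise IFCViolation(f"{x.lab} value to {chan} channel")
    return x.val


# ---- Coarse-grained: one floating label (pc) per computation ----------
@dataclass(frozen=True)
class Labeled:
    val: int
    lab: str


class CG:
    def __init__(self) -> None:
        self.pc = LOW

    def unlabel(self, lv: Labeled) -> int:
        self.pc = lub(self.pc, lv.lab)  # pc rises and never falls by itself
        return lv.val

    def label(self, lab: str, v: int) -> Labeled:
        if not flows(self.pc, lab):
            raise IFCViolation(f"cannot label at {lab} with pc {self.pc}")
        return Labeled(v, lab)

    def to_labeled(self, lab: str, body: Callable[[], int]) -> Labeled:
        # run body, box its result at lab, then restore the pc (assumed
        # LIO-style construct): this is what prevents label creep
        saved = self.pc
        try:
            return self.label(lab, body())
        finally:
            self.pc = saved

    def output(self, chan: str, v: int) -> int:
        if not flows(self.pc, chan):
            raise IFCViolation(f"pc {self.pc} to {chan} channel")
        return v


# ---- The same program in both systems: secret+1 to H, public+1 to L ---
def fine_grained_run() -> Tuple[int, int]:
    secret, public = FG(42, HIGH), FG(1, LOW)
    s1 = fg_add(secret, FG(1, LOW))
    p1 = fg_add(public, FG(1, LOW))
    return fg_output(HIGH, s1), fg_output(LOW, p1)


def coarse_grained_naive() -> Tuple[int, int]:
    m = CG()
    secret, public = Labeled(42, HIGH), Labeled(1, LOW)
    s1 = m.unlabel(secret) + 1  # pc becomes H
    p1 = m.unlabel(public) + 1  # pc stays H: label creep
    return m.output(HIGH, s1), m.output(LOW, p1)  # second output is rejected


def naive_creeps() -> bool:
    """True if the naive coarse-grained run rejects the harmless public output."""
    try:
        coarse_grained_naive()
        return False
    except IFCViolation:
        return True


def coarse_grained_precise() -> Tuple[int, int]:
    m = CG()
    secret, public = Labeled(42, HIGH), Labeled(1, LOW)
    s1 = m.to_labeled(HIGH, lambda: m.unlabel(secret) + 1)  # pc back to L
    p1 = m.to_labeled(LOW, lambda: m.unlabel(public) + 1)
    p_out = m.output(LOW, m.unlabel(p1))   # pc is L: allowed
    s_out = m.output(HIGH, m.unlabel(s1))  # pc rises to H: H channel allowed
    return s_out, p_out


def leak_rejected() -> Tuple[bool, bool]:
    """Both systems must reject sending secret+1 on the LOW channel."""
    fg_ok = cg_ok = False
    try:
        fg_output(LOW, fg_add(FG(42, HIGH), FG(1, LOW)))
    except IFCViolation:
        fg_ok = True
    m = CG()
    try:
        m.output(LOW, m.unlabel(Labeled(42, HIGH)) + 1)
    except IFCViolation:
        cg_ok = True
    return fg_ok, cg_ok


if __name__ == "__main__":
    print(fine_grained_run(), naive_creeps(), coarse_grained_precise(), leak_rejected())
```

The precise coarse-grained version does the same work as the fine-grained one: each sub-computation that touches a value is run under `to_labeled`, so the only label that survives is the one attached to the boxed result, exactly as a fine-grained label would be. Retrofitting a program this way is mechanical, which is the practical point behind the fine- to coarse-grained direction of the result.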

Information-flow control

verified source-to-source transformations

Agda

Authors

Marco Vassena

Chalmers, Computer Science and Engineering, Information Security

Vineet Rajani

Max Planck Institute for Software Systems

Deepak Garg

Max Planck Institute for Software Systems

Alejandro Russo

Chalmers, Computer Science and Engineering, Information Security

Deian Stefan

University of California San Diego

46th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), 2019
Cascais, Portugal

Subject categories

Computer Science

DOI

10.1145/3290389

More information

Created

2019-01-23