Tamara Rezk scite author profile

Secure information flow by self-composition

Barthe

¹

,

D’Argenio

²

,

³

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Secure information flow by self-composition

Barthe¹,

D’Argenio²,

Rezk³

2011

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Constant-time foundations for the new spectre era

Cauligi

¹

,

Disselkoen

²

,

Gleissenthall

³

et al. 2020

View full text Add to dashboard Cite

Non-interference for a JVM-like language

Barthe

¹

,

Rezk

²

2005

View full text Add to dashboard Cite

show abstract

Deriving an information flow checker and certifying compiler for Java

Barthe

¹

,

Naumann

²

,

Rezk

³

2006

View full text Add to dashboard Cite

Language-based security provides a means to enforce endto-end confidentiality and integrity policies in mobile code scenarios, and is increasingly being contemplated by the smartcard and mobile phone industry as a solution to enforce information flow and resource control policies.Two threads of work have emerged in research on languagebased security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for bytecode, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes-and thus have been developed independently-but connecting them is a key step towards the deployment of language-based security in practical applications.This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.

show abstract

Tamara Rezk

Secure information flow by self-composition

Secure information flow by self-composition

Constant-time foundations for the new spectre era

Non-interference for a JVM-like language

Deriving an information flow checker and certifying compiler for Java

Contact Info

Product

Resources

About