A type-based approach to program security

Volpano, Dennis; Smith, Geoffrey

doi:10.1007/bfb0030629

Cited by 147 publications

(134 citation statements)

References 17 publications

Supporting

Mentioning

131

Contrasting

Unclassified

Order By: Relevance

“…[VS97,DS06] and for more complex ones [PS03], but these all have flow-insensitive treatments of imperative variables. Other algorithmic but non typebased treatments of flow-sensitive information flow include Clark et al's flow logic approach [CHH02].…”

Section: Related Workmentioning

confidence: 99%

From Exponential to Polynomial-Time Security Typing via Principal Types

Hunt

Sands

2011

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Hunt and Sands (POPL'06) studied a flow sensitive type (FST) system for multi-level security, parametric in the choice of lattice of security levels. Choosing the powerset of program variables as the security lattice yields a system which was shown to be equivalent to Amtoft and Banerjee's Hoare-style independence logic (SAS'04). Moreover, using the powerset lattice, it was shown how to derive a principal type from which all other types (for all choices of lattice) can be simply derived. Both of these earlier works gave "algorithmic" formulations of the type system/program logic, but both algorithms are of exponential complexity due to the iterative typing of While loops. Later work by Hunt and Sands (ESOP'08) adapted the FST system to provide an erasure type system which determines whether some input is correctly erased at a designated time. This type system is inherently exponential, requiring a double typing of the erasure-labelled input command. In this paper we start by developing the FST work in two key ways: (1) We specialise the FST system to a form which only derives principal types; the resulting type system has a simple algorithmic reading, yielding principal security types in polynomial time. (2) We show how the FST system can be simply extended to check for various degrees of termination sensitivity (the original FST system is completely termination insensitive, while the erasure type system is fully termination sensitive). We go on to demonstrate the power of these techniques by combining them to develop a type system which is shown to correctly implement erasure typing in polynomial time. Principality is used in an essential way to reduce type derivation size from exponential to linear.

show abstract

Section: Related Workmentioning

confidence: 99%

From Exponential to Polynomial-Time Security Typing via Principal Types

Hunt

Sands

2011

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…The next stage of our research is to extend our type system to include additional features present in Volpano, Smith and Irvine's original type system [1] and Volpano and Smith's extension [18] -specifically procedures, primitive operations and conditional statements. This will allow us to analyse more accurate representations of functions in widely used security APIs such as PKCS #11 [20].…”

Section: Discussionmentioning

confidence: 99%

Towards a Type System for Security APIs

Keighren

Aspinall

Steel

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

Abstract. Security API analysis typically only considers a subset of an API's functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakage of sensitive information are usually not covered. Type-based static analysis has the potential to alleviate these shortcomings. To that end, we present a type system for secure information flow based upon the one of Volpano, Smith and Irvine [1], extended with types for cryptographic keys and ciphertext similar to those in Sumii and Pierce [2]. In contrast to some other type systems, the encryption and decryption of keys does not require special treatment. We show that a well-typed sequence of commands is non-interferent, based upon a definition of indistinguishability where, in certain circumstances, the adversary can distinguish between ciphertexts that correspond to encrypted public data.

show abstract

“…We cannot aim for completeness here, for a good overview see the recent survey paper by Palsberg in the PASTE'01 workshop. Particularly influencing are the works on region calculus [20], on effect systems [17,13,14], on flow analysis [19], on secrecy and security analysis [8,16,22,21], on binding-time analysis [3,9,12,5,6].…”

Section: Related Workmentioning

confidence: 99%

A Prototype Dependency Calculus

Thiemann

2002

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Dependency has been identified as the main ingredient underlying many program analyses, in particular flow analysis, secrecy and integrity analysis, and binding-time analysis. Driven by that insight, Abadi, Banerjee, Heintze, and Riecke [1] have defined a dependency core calculus (DCC). DCC serves as a common target language for defining the above analyses by translation to DCC. The present work considers the opposite direction. We define a Prototype Dependency Calculus (PDC) and define flow analysis, secrecy analysis, and region analysis by translation from PDC.

show abstract

A type-based approach to program security

Cited by 147 publications

References 17 publications

From Exponential to Polynomial-Time Security Typing via Principal Types

From Exponential to Polynomial-Time Security Typing via Principal Types

Towards a Type System for Security APIs

A Prototype Dependency Calculus

Contact Info

Product

Resources

About