A monadic analysis of information flow security with mutable state

We explore the logical underpinnings of higher-order, security-typed languages with mutable state. Our analysis is based on a logic of information flow derived from lax logic and the monadic metalanguage. Thus, our logic deals with mutation explicitly, with impurity reflected in the types, in contrast to most higher-order security-typed languages, which deal with mutation implicitly via side-effects. More importantly, we also take a store-oriented view of security, wherein security levels are associated with elements of the mutable store. This view matches closely with the operational semantics of low-level imperative languages where information flow is expressed by operations on the store. An interesting feature of our analysis lies in its treatment of upcalls (low-security computations that include high-security ones), employing an “informativeness” judgment indicating under what circumstances a type carries useful information.
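As an added illustration (not the paper's calculus or any code from its authors), here is a small runtime model in Python of the ingredients the abstract names: security levels attached to store cells rather than to the program, a monadic computation type that records the taint of its result, and an upcall whose result may flow back to the lower context only when it is uninformative. The two-point lattice and treating unit (`None`) as the only uninformative type are simplifying assumptions of this model.

```python
LOW, HIGH = 0, 1  # two-point security lattice, LOW below HIGH
class FlowError(Exception):
    """Information would reach a store cell labelled below its own level."""

class Ref:
    """Mutable store cell; the security level belongs to the cell, not the code."""
    def __init__(self, level, value):
        self.level, self.value = level, value

class Comp:
    """Monadic computation: run(pc) -> (result, taint level of the result)."""
    def __init__(self, run):
        self.run = run
    def bind(self, k):
        def go(pc):
            v, lvl = self.run(pc)  # the continuation observes v, so it runs at lvl
            return k(v).run(lvl)
        return Comp(go)

def read(r):  # reading joins the cell's level into the computation's taint
    return Comp(lambda pc: (r.value, max(pc, r.level)))
def write(r, x):
    def go(pc):
        if pc > r.level:  # store-oriented check: tainted data must not reach a lower cell
            raise FlowError(f"write to level-{r.level} cell at taint {pc}")
        r.value = x
        return None, pc
    return Comp(go)

def upcall(m):
    # A lower computation includes a possibly HIGH one. The caller's level is restored
    # only if the result is uninformative; unit (None) is the sole uninformative type here.
    def go(pc):
        v, lvl = m.run(pc)
        if lvl > pc and v is not None:
            raise FlowError("informative result cannot flow down out of an upcall")
        return None, pc
    return Comp(go)
def run_low(prog):  # run in a LOW context, reporting rejection instead of raising
    try:
        return prog.run(LOW)
    except FlowError as e:
        return ("rejected", str(e))

def demo():  # constructed store: a secret cell, a public cell and a HIGH-labelled log
    secret, public, log = Ref(HIGH, 42), Ref(LOW, 0), Ref(HIGH, 0)
    leak = read(secret).bind(lambda s: write(public, s))   # secret into a LOW cell: rejected
    ok = upcall(read(secret).bind(lambda s: write(log, s + 1))).bind(lambda _: write(public, 1))
    down = upcall(read(secret))   # upcall handing the secret itself to LOW: rejected
    return run_low(leak)[0], run_low(ok), (log.value, public.value), run_low(down)[0]
```

`demo()` shows the three cases side by side: the direct leak is refused at the write, the upcall that only updates a HIGH cell and returns unit lets the LOW program continue at level LOW, and the upcall that would hand the secret value down is refused.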
