A Permission-Dependent Type System for Secure Information Flow Analysis

We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a lightweight type system featuring the Android permission model, in which permissions are statically assigned to applications and are used to enforce access control within them. We take inspiration from a type system by Banerjee and Naumann to allow security types to depend on the permissions of the applications. A novel feature of our type system is a typing rule for conditional branching induced by permission testing, which introduces a merging operator on security types and allows more precise security policies to be enforced. The soundness of our type system is proved with respect to non-interference. In addition, a type inference algorithm is presented for the underlying security type system, obtained by reducing the inference problem to a constraint solving problem in the lattice of security types.
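The following toy model is an added illustration of the idea described above and is not the paper's formal system: security types are functions from an application's statically assigned permission set to a lattice level, and a branch on a permission test is typed with a merging operator rather than the usual join. The two-point lattice, the permission universe `PERMS`, the tuple-based command syntax and the flow-sensitive `infer` are all assumptions made here for illustration.

```python
from itertools import combinations

LOW, HIGH = 0, 1                       # two-point lattice, LOW ⊑ HIGH, join = max
PERMS = ("READ_CONTACTS", "INTERNET")  # constructed permission universe (assumption)
THETAS = [frozenset(c) for k in range(len(PERMS) + 1)
          for c in combinations(PERMS, k)]   # every permission set Θ an app may hold

# A permission-dependent type maps each Θ to a level: the same variable can be
# LOW for an app lacking a permission and HIGH for one that holds it.
def const(level):  return {th: level for th in THETAS}
def join(t1, t2):  return {th: max(t1[th], t2[th]) for th in t1}
def leq(t1, t2):   return all(t1[th] <= t2[th] for th in t1)
def join_all(ts):  # pointwise join of a list of types
    out = const(LOW)
    for t in ts: out = join(out, t)
    return out

def merge(p, t_then, t_else):
    """Merging operator for `if hasPermission(p) then c1 else c2`: for a fixed Θ
    the branch taken is statically known, so take that branch's type only."""
    return {th: t_then[th] if p in th else t_else[th] for th in t_then}

def infer(cmd, env, pc=None):
    """Flow-sensitive inference returning the environment after cmd. Commands:
    ("assign", x, vars), ("seq", c1, c2), ("if", vars, c1, c2), ("ifperm", p, c1, c2)."""
    pc = pc or const(LOW)
    if cmd[0] == "assign":               # Γ'(x) = pc ⊔ ⊔{Γ(v) | v read by e}
        _, x, vs = cmd
        return {**env, x: join_all([pc] + [env[v] for v in vs])}
    if cmd[0] == "seq":
        return infer(cmd[2], infer(cmd[1], env, pc), pc)
    if cmd[0] == "if":                   # data-dependent branch: raise pc, join results
        _, vs, c1, c2 = cmd
        pc2 = join_all([pc] + [env[v] for v in vs])
        e1, e2 = infer(c1, env, pc2), infer(c2, env, pc2)
        return {x: join(e1[x], e2[x]) for x in env}
    if cmd[0] == "ifperm":               # permission test: merge instead of join
        _, p, c1, c2 = cmd
        e1, e2 = infer(c1, env, pc), infer(c2, env, pc)
        return {x: merge(p, e1[x], e2[x]) for x in env}
    raise ValueError(f"unknown command {cmd[0]}")

def demo():
    """Constructed program: `out` receives contacts only if the app holds
    READ_CONTACTS, otherwise a public constant."""
    env0 = {"contacts": const(HIGH), "zero": const(LOW), "out": const(LOW)}
    prog = ("ifperm", "READ_CONTACTS",
            ("assign", "out", ["contacts"]), ("assign", "out", ["zero"]))
    return infer(prog, env0)["out"]
```

With the merge rule, `out` is typed HIGH only for permission sets containing READ_CONTACTS and LOW otherwise, whereas typing the same branches as an ordinary `if` forces `out` to HIGH for every application.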
