Jifclipse: development tools for security-typed languages

Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process.
