Efficient incremental information flow control with nested control regions

Mobile application platforms like cell phones are ubiquitous today. Even on limited devices, users expect well-performing applications that also respect the privacy of the user's stored data, such as messages, addresses and calendar items. Existing techniques, however, do not provide an adequate solution: dynamic algorithms incur a significant space and time overhead, and static approaches help a developer create secure programs but, in previous work, require whole-program verification. This paper proposes a novel intermediate representation (IR) that is designed to be easily analyzed and verified by clients and to support incremental verification. The IR can be verified with a single-pass, linear-time algorithm. The resulting reduction in memory requirements is particularly important for limited mobile devices. Metadata, including security properties, can be reliably transmitted through annotatable type systems, as demonstrated by the adoption of a practical security-enhanced programming language as an input for our intermediate representation. A simplified imperative language with incremental loading is formally proved safe as a foundation for the practical implementation.
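To make the idea of nested control regions and single-pass verification concrete, the following added example (not the paper's IR or code) checks a tiny flat IR in one linear pass: each `region_begin`/`region_end` pair is a nestable control region, and a stack of program-counter labels carries the implicit flow from the guards into the assignments inside. The two-point lattice, the instruction shapes and the variable annotations are assumptions made for this illustration.

```python
LOW, HIGH = "L", "H"  # two-point lattice: L may flow to H, never back

def join(a, b):
    """Least upper bound of two labels."""
    return HIGH if HIGH in (a, b) else LOW

def flows_to(a, b):
    return a == LOW or b == HIGH

# Assumed flat IR (not the paper's): ("assign", dst, [srcs]),
# ("region_begin", [guard vars]) and ("region_end",) for nested control regions.
def check(program, labels):
    """Single linear pass. Returns a list of violations; empty means secure."""
    pc_stack = [LOW]  # one pc label per open (nested) control region
    violations = []
    for i, ins in enumerate(program):
        op = ins[0]
        if op == "region_begin":
            pc = pc_stack[-1]  # enclosing region's pc ...
            for g in ins[1]:
                pc = join(pc, labels[g])  # ... joined with the guard labels
            pc_stack.append(pc)
        elif op == "region_end":
            if len(pc_stack) == 1:
                violations.append(f"{i}: region_end without matching region_begin")
            else:
                pc_stack.pop()
        elif op == "assign":
            dst, srcs = ins[1], ins[2]
            lvl = pc_stack[-1]  # implicit flow from the enclosing guards
            for s in srcs:
                lvl = join(lvl, labels[s])  # explicit flow from the operands
            if not flows_to(lvl, labels[dst]):
                violations.append(f"{i}: {lvl} data written to {labels[dst]} variable {dst}")
        else:
            violations.append(f"{i}: unknown instruction {op}")
    if len(pc_stack) != 1:
        violations.append("unterminated control region at end of program")
    return violations

# Constructed sample programs and label annotations (the metadata the verifier relies on).
LABELS = {"secret": HIGH, "tmp": HIGH, "pub": LOW, "n": LOW}
LEAKY = [("region_begin", ["n"]),       # while n > 0   (public guard)
         ("region_begin", ["secret"]),  #   if secret   (secret guard, nested)
         ("assign", "pub", ["n"]),      #     pub := n  -> implicit leak, rejected
         ("assign", "tmp", ["n"]),      #     tmp := n  -> allowed, tmp is secret
         ("region_end",), ("region_end",)]
SAFE = [("region_begin", ["n"]), ("assign", "tmp", ["secret", "n"]), ("region_end",)]
```

Because the region stack is updated in constant time per marker and every instruction is visited once, the check stays linear in program size and needs no whole-program data-flow graph, which is the property the abstract emphasizes for memory-limited devices.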
