Securing the Foundations of Practical Information Flow Control

Language-based information flow control (IFC) promises to secure computer programs against malicious or incompetent programmers by addressing key shortcomings of modern programming languages. Despite showing great promise, the field remains under-utilised in practice. This thesis contributes to the theoretical foundations of IFC with the aim of making the techniques practically applicable. It addresses two primary topics: IFC as a library, and IFC without false alarms. The contributions range from foundational observations about soundness and completeness to practical considerations of efficiency and expressiveness.
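The two topics named above, IFC as a library and the false alarms that soundness-without-completeness produces, can be seen in a few dozen lines. The following is an added illustration written for this page; it is not code from the thesis or from any of the libraries it builds on. It assumes a two-point lattice (LOW below HIGH), a `Monitor` class that tracks a program-counter label so that anything computed under a secret branch is itself marked secret, and a public output sink that rejects HIGH data. The two sample programs (`real_leak`, `false_alarm`) are constructed for the demonstration: the first really leaks the secret, the second produces the same public output whichever way the secret branch goes, yet the monitor blocks both.

```python
"""Minimal IFC-as-a-library monitor with a two-point lattice.

Added illustration, not code from the thesis. Labels LOW/HIGH, a
program-counter (pc) label for implicit flows, and a public output
channel that only LOW-labelled data may reach.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Any, Callable, List


class Label(IntEnum):
    LOW = 0   # public
    HIGH = 1  # secret


def join(a: Label, b: Label) -> Label:
    """Least upper bound in the lattice LOW <= HIGH."""
    return Label(max(a, b))


def flows_to(src: Label, dst: Label) -> bool:
    """Information may move from src to dst iff src <= dst."""
    return src <= dst


class IFCError(Exception):
    """Raised when the monitor blocks a flow to the public sink."""


@dataclass(frozen=True)
class Labeled:
    value: Any
    label: Label


class Monitor:
    """Dynamic IFC monitor: values assigned while the pc label is HIGH
    (i.e. inside a branch on a secret) are themselves labelled HIGH."""

    def __init__(self, enforce: bool = True) -> None:
        self.enforce = enforce          # False = record only, for ground truth
        self.pc = Label.LOW
        self.public_out: List[Any] = []

    def branch(self, cond: Labeled, then_fn: Callable[[], Any],
               else_fn: Callable[[], Any]) -> Any:
        saved = self.pc
        self.pc = join(self.pc, cond.label)   # raise pc for the branch body
        try:
            return then_fn() if cond.value else else_fn()
        finally:
            self.pc = saved                   # restore pc after the join point

    def assign(self, value: Any, label: Label = Label.LOW) -> Labeled:
        """Create a value; its label absorbs the current pc (implicit flow)."""
        return Labeled(value, join(label, self.pc))

    def output_public(self, x: Labeled) -> None:
        """Public sink: only LOW data, written from a LOW context, may pass."""
        if self.enforce and not flows_to(join(x.label, self.pc), Label.LOW):
            raise IFCError(f"blocked flow of {x.label.name} data to public output")
        self.public_out.append(x.value)


Program = Callable[[Monitor, Labeled], None]


def real_leak(m: Monitor, secret: Labeled) -> None:
    # x := secret ? 1 : 0 ; output(x)      -- genuinely leaks the secret
    x = m.branch(secret, lambda: m.assign(1), lambda: m.assign(0))
    m.output_public(x)


def false_alarm(m: Monitor, secret: Labeled) -> None:
    # x := secret ? 1 : 1 ; output(x)      -- identical output in both branches
    x = m.branch(secret, lambda: m.assign(1), lambda: m.assign(1))
    m.output_public(x)


def run_monitored(program: Program, secret_value: bool) -> Any:
    """Run under enforcement; return the public trace, or 'BLOCKED'."""
    m = Monitor(enforce=True)
    try:
        program(m, Labeled(secret_value, Label.HIGH))
    except IFCError:
        return "BLOCKED"
    return m.public_out


def is_noninterferent(program: Program) -> bool:
    """Ground truth for one Boolean secret: run both secret values without
    enforcement and compare public traces (a two-run, self-composition check)."""
    traces = []
    for s in (False, True):
        m = Monitor(enforce=False)
        program(m, Labeled(s, Label.HIGH))
        traces.append(m.public_out)
    return traces[0] == traces[1]


if __name__ == "__main__":
    for name, prog in [("real_leak", real_leak), ("false_alarm", false_alarm)]:
        print(f"{name}: monitor={run_monitored(prog, True)} "
              f"noninterferent={is_noninterferent(prog)}")
```

The monitor is sound: every program it accepts is noninterferent, because any value influenced by the secret, directly or through the pc, carries the HIGH label when it reaches the sink. It is not complete: `false_alarm` writes `1` to the public channel for either value of the secret, so the two-run check confirms it leaks nothing, yet the monitor rejects it just as it rejects `real_leak`. That gap between what the label lattice can express and what the program actually reveals is exactly the false alarm the thesis sets out to eliminate; the two-run comparison is exact here only because the secret ranges over two values, and it does not scale to large secret domains.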
