Short Paper: On High-Assurance Information-Flow-Secure Programming Languages

We argue that high-assurance systems require high-assurance information-flow-secure programming languages. As a step towards such languages, we present what is, to our knowledge, the first concurrent theory of information flow security that supports (1) compositional reasoning under dynamic assumptions and (2) value-dependent classification, in order to handle the dynamism inherent in modern high-assurance systems. We sketch out our vision and a roadmap for building self-certifying information-flow-secure programming languages.
