The SLam calculus: programming with secrecy and integrity

The SLam calculus is a typed λ-calculus that maintains security information as well as type information. The type system propagates security information for each object in four forms: the object's creators and readers, and the object's indirect creators and readers (i.e., those agents who, through flow-of-control or the actions of other agents, can influence or be influenced by the content of the object). We prove that the type system prevents security violations and give some examples of its power.
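As an added illustration, not code from the paper (which defines its own typing rules), the following constructed Python model carries the four label components the abstract names and shows how branching on a secret guard narrows the indirect readers of a value whose direct readers are unrestricted; the `join`/`under` propagation rules, the tuple expression syntax and the principal set are assumptions of this sketch.

```python
from dataclasses import dataclass

ALL = frozenset({"alice", "bob", "carol"})  # constructed set of principals

@dataclass(frozen=True)
class Label:
    """Four-part annotation: who may read a value, who created it, and the
    same two sets for influence that arrives only through control flow."""
    readers: frozenset = ALL
    creators: frozenset = frozenset()
    ind_readers: frozenset = ALL
    ind_creators: frozenset = frozenset()

    def join(self, other):
        # Direct data dependence on both inputs: readers shrink, creators grow.
        return Label(self.readers & other.readers, self.creators | other.creators,
                     self.ind_readers & other.ind_readers,
                     self.ind_creators | other.ind_creators)

    def under(self, pc):
        # Produced while control flow depends on pc: only the indirect sets move.
        return Label(self.readers, self.creators,
                     self.ind_readers & pc.readers & pc.ind_readers,
                     self.ind_creators | pc.creators | pc.ind_creators)

def can_read(principal, label):
    # A reader must be cleared for the data and for everything that steered it.
    return principal in label.readers and principal in label.ind_readers

# Expressions are tuples: ("const", value, label), ("add", e1, e2), ("if", c, e1, e2)
def evaluate(expr, pc=Label()):
    """Evaluate expr to (value, label), threading the control-flow label pc."""
    tag = expr[0]
    if tag == "const":
        return expr[1], expr[2].under(pc)
    if tag == "add":
        lv, ll = evaluate(expr[1], pc)
        rv, rl = evaluate(expr[2], pc)
        return lv + rv, ll.join(rl)
    if tag == "if":
        cv, cl = evaluate(expr[1], pc)
        # Which branch runs reveals the guard, so the guard's label joins pc.
        return evaluate(expr[2] if cv else expr[3], pc.join(cl))
    raise ValueError(f"unknown expression {expr!r}")

if __name__ == "__main__":
    secret = ("const", 1, Label(readers=frozenset({"alice"}), creators=frozenset({"alice"})))
    value, label = evaluate(("if", secret, ("const", 10, Label()), ("const", 20, Label())))
    print(value, can_read("alice", label), can_read("bob", label))  # 10 True False
```

The result 10 is a public constant by its direct label, yet bob cannot read it because the branch that produced it was selected by alice's secret.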
