Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks

We study secure information flow in a stack-based Typed Assembly Language (TAL). We define a TAL with an execution stack and establish the soundness of its type system by proving non-interference. One of the problems of studying information flow for a low-level language is the absence of the high-level control flow constructs that guide information flow analysis in high-level languages. Furthermore, in the presence of an execution stack, code that frees space on the stack must be constrained in order to avoid illegal flows. Finally, in the presence of stack polymorphism, we must ensure that type variables are instantiated without observable differences. These issues are addressed by introducing junction points into the type system, ensuring that they behave as ordered linear continuations, and that they interact safely with the execution stack. We also discuss several limitations of our approach and point out some remaining open issues.
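The two stack-related hazards named above (freeing stack space inside a secret-dependent branch, and reconverging at a junction point) can be made concrete with a toy model. The following is an added example, not the paper's TAL or its type system: it defines a constructed eight-instruction stack language, a label-based static checker in which a `join` instruction plays the role of a junction point (it requires every incoming path to arrive with the same stack depth before lowering the pc label back to public), and a concrete interpreter used to confirm the two-run non-interference property on sample programs. The instruction names, the labels `L`/`H`, and the rule that a junction is placed only where all paths of a secret-dependent branch reconverge are all assumptions of this model.

```python
"""Toy stack machine with a junction-point (join) check for information flow.

Constructed example: the language, labels and rules are simplifications and
are not the TAL described in the paper.

Instructions (tuples):
  ("pushlow",)   push a public constant 0
  ("pushhigh",)  push the secret input
  ("pop",)       free one stack slot
  ("jz", t)      pop; branch to t if the popped value is zero
  ("jmp", t)     unconditional branch
  ("join",)      junction point: all incoming paths must agree on stack
                 depth; the pc label is lowered to L afterwards
  ("depth",)     push the current stack depth (observable stack shape)
  ("out",)       pop and write to the public output channel
  ("halt",)
"""

L, H = "L", "H"


def lub(a, b):
    """Least upper bound of two security labels."""
    return H if H in (a, b) else L


def check(program):
    """Static path-wise check. Returns (accepted, reason).

    Abstract state: (pc, tuple of slot labels, pc label). A value pushed under
    a secret pc label is labelled H because its presence depends on a secret.
    Every abstract path is explored; the only cross-path property is the stack
    depth agreement recorded at each junction point.
    """
    seen, work, depths_at_join = set(), [(0, (), L)], {}
    while work:
        pc, stack, pcl = work.pop()
        if pc >= len(program) or (pc, stack, pcl) in seen:
            continue
        seen.add((pc, stack, pcl))
        op = program[pc]
        if op[0] in ("pop", "jz", "out") and not stack:
            return False, f"pc {pc}: {op[0]} on an empty stack"
        if op[0] == "pushlow" or op[0] == "depth":
            work.append((pc + 1, stack + (pcl,), pcl))
        elif op[0] == "pushhigh":
            work.append((pc + 1, stack + (H,), pcl))
        elif op[0] == "pop":
            work.append((pc + 1, stack[:-1], pcl))
        elif op[0] == "jz":
            npcl = lub(pcl, stack[-1])  # branching on a secret raises the pc label
            work.append((op[1], stack[:-1], npcl))
            work.append((pc + 1, stack[:-1], npcl))
        elif op[0] == "jmp":
            work.append((op[1], stack, pcl))
        elif op[0] == "join":
            shapes = depths_at_join.setdefault(pc, set())
            shapes.add(len(stack))
            if len(shapes) > 1:  # a branch freed or allocated stack space
                return False, f"pc {pc}: junction reached with depths {sorted(shapes)}"
            work.append((pc + 1, stack, L))
        elif op[0] == "out":
            if stack[-1] == H or pcl == H:
                return False, f"pc {pc}: public output depends on a secret"
            work.append((pc + 1, stack[:-1], pcl))
        # "halt": no successor
    return True, "ok"


def run(program, secret):
    """Concrete execution; returns the list of public outputs."""
    stack, out, pc = [], [], 0
    while pc < len(program) and program[pc][0] != "halt":
        op = program[pc]
        if op[0] == "pushlow":
            stack.append(0)
        elif op[0] == "pushhigh":
            stack.append(secret)
        elif op[0] == "pop":
            stack.pop()
        elif op[0] == "jz":
            if stack.pop() == 0:
                pc = op[1]
                continue
        elif op[0] == "jmp":
            pc = op[1]
            continue
        elif op[0] == "depth":
            stack.append(len(stack))
        elif op[0] == "out":
            out.append(stack.pop())
        pc += 1  # "join" is a no-op at run time
    return out


def noninterferent(program, secrets):
    """Two-run property: public outputs must not vary with the secret."""
    outputs = {tuple(run(program, s)) for s in secrets}
    return len(outputs) == 1


# Constructed sample programs. LEAK frees a slot only when the secret is
# non-zero, so the stack depth observed after the junction reveals the secret.
LEAK = [("pushlow",), ("pushhigh",), ("jz", 4), ("pop",),
        ("join",), ("depth",), ("out",), ("halt",)]
# FIXED re-allocates the slot so both paths reach the junction with depth 1.
FIXED = [("pushlow",), ("pushhigh",), ("jz", 5), ("pop",), ("pushlow",),
         ("join",), ("depth",), ("out",), ("halt",)]

if __name__ == "__main__":
    for name, prog in (("LEAK", LEAK), ("FIXED", FIXED)):
        print(name, check(prog), "outputs for 0/1:", run(prog, 0), run(prog, 1))
```

The checker rejects `LEAK` at the junction because one path arrives with depth 1 and the other with depth 0, and the interpreter confirms the leak (output 1 for secret 0, output 0 for a non-zero secret). `FIXED` restores the freed slot before the junction, is accepted, and produces the same output for every secret.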
