Information flow inference for ML

This paper presents a type-based information flow analysis for a call-by-value λ-calculus equipped with references, exceptions and let-polymorphism, which we refer to as ML. The type system is constraint-based and has decidable type inference. Its noninterference proof is reasonably lightweight, thanks to the use of a number of orthogonal techniques. First, a syntactic segregation between values and expressions allows a lighter formulation of the type system. Second, noninterference is reduced to subject reduction for a nonstandard language extension. Lastly, a semi-syntactic approach to type soundness allows dealing with constraint-based polymorphism separately.
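To make the security-relevant point concrete, the following is an added example (not code from the paper or from its authors): a deliberately small security type checker for an ML-like core with references, conditionals and exceptions, over the two-point lattice L < H. It tracks a program-counter label and, separately, the label of the information carried by whether an expression raises, which is what makes exception-based leaks visible to the checker. The program encoding, the environment `ENV`, the functions `check`, `secure`, `run` and `low_outputs_differ`, and the single catch-all `try` form are all assumptions of this illustration; the paper's own system is richer (row-typed per-exception effects, constraint-based inference, let-polymorphism) and is not reproduced here.

```python
# Two-point security lattice: L (public) < H (secret).
L, H = "L", "H"

def join(*labels):
    return H if H in labels else L

def leq(a, b):
    return a == L or b == H

class InsecureFlow(Exception):
    """Raised by the checker when a write to a low location depends on secrets."""

# Expressions are tuples (assumed toy encoding):
#   ("lit", v) | ("var", x) | ("deref", r) | ("assign", r, e) | ("seq", e1, e2)
#   ("if", c, t, f) | ("raise", tag) | ("try", body, handler)   # try catches everything
def check(e, env, pc=L):
    """Return (value_label, exc_label) of e under program-counter label pc.
    exc_label is the label of the information revealed by whether e raises."""
    kind = e[0]
    if kind == "lit":
        return L, L                      # constants carry nothing and never raise
    if kind in ("var", "deref"):
        return env[e[1]], L
    if kind == "assign":
        _, r, rhs = e
        v, x = check(rhs, env, pc)
        # The store update happens only if rhs returned normally, so x guards it too.
        if not leq(join(v, pc, x), env[r]):
            raise InsecureFlow(f"write to {r}:{env[r]} under label {join(v, pc, x)}")
        return L, x
    if kind == "seq":
        _, e1, e2 = e
        _, x1 = check(e1, env, pc)
        v2, x2 = check(e2, env, join(pc, x1))   # e2 runs only if e1 did not raise
        return v2, join(x1, x2)
    if kind == "if":
        _, c, t, f = e
        vc, xc = check(c, env, pc)
        pc2 = join(pc, vc, xc)                 # both branches run under the guard's label
        vt, xt = check(t, env, pc2)
        vf, xf = check(f, env, pc2)
        return join(vc, vt, vf), join(xc, xt, xf)
    if kind == "raise":
        return L, pc                           # whether we raise reveals the pc
    if kind == "try":
        _, body, handler = e
        vb, xb = check(body, env, pc)
        vh, xh = check(handler, env, join(pc, xb))   # handler runs iff body raised
        return join(vb, vh, xb), xh            # all body exceptions are caught here
    raise ValueError(f"unknown form {kind}")

# Assumed environment: h/secret are secret, l/out are public references.
ENV = {"h": H, "l": L, "secret": H, "out": L}

def secure(prog, env=ENV):
    try:
        check(prog, env)
        return True
    except InsecureFlow:
        return False

class Raised(Exception):
    pass

def run(e, store):
    """Reference interpreter, used only to show that rejected programs really leak."""
    k = e[0]
    if k == "lit":
        return e[1]
    if k in ("var", "deref"):
        return store[e[1]]
    if k == "assign":
        store[e[1]] = run(e[2], store)
        return 0
    if k == "seq":
        run(e[1], store)
        return run(e[2], store)
    if k == "if":
        return run(e[2], store) if run(e[1], store) else run(e[3], store)
    if k == "raise":
        raise Raised(e[1])
    if k == "try":
        try:
            return run(e[1], store)
        except Raised:
            return run(e[2], store)
    raise ValueError(f"unknown form {k}")

def low_outputs_differ(prog):
    """True if the public ref `out` ends up different for two runs differing only in secrets."""
    outs = []
    for h in (0, 1):
        store = {"h": h, "l": 0, "secret": h, "out": 0}   # constructed stores
        try:
            run(prog, store)
        except Raised:
            pass
        outs.append(store["out"])
    return outs[0] != outs[1]

# Constructed sample programs.
P_EXPLICIT = ("assign", "out", ("deref", "secret"))                       # out := !secret
P_IMPLICIT = ("if", ("var", "h"), ("assign", "out", ("lit", 1)), ("lit", 0))   # if h then out := 1
# out := 1 runs only if the secret-dependent raise did not fire
P_EXC = ("seq", ("if", ("var", "h"), ("raise", "E"), ("lit", 0)), ("assign", "out", ("lit", 1)))
# the handler runs under a secret-dependent pc, so its low write leaks
P_HANDLER_LEAK = ("try", ("if", ("var", "h"), ("raise", "E"), ("lit", 0)), ("assign", "out", ("lit", 1)))
# safe: the exception is caught, the handler writes nothing, then out := 1 always runs
P_SAFE = ("seq", ("try", ("if", ("var", "h"), ("raise", "E"), ("lit", 0)), ("lit", 0)), ("assign", "out", ("lit", 1)))
P_SAFE2 = ("if", ("var", "h"), ("assign", "secret", ("lit", 1)), ("lit", 0))  # secret-dependent write to a secret ref
```

On these inputs the checker rejects exactly the programs whose two runs (secret = 0 versus secret = 1) leave a different value in the public reference `out`, which is the noninterference property the paper proves for its full system; note in particular that `P_EXC` and `P_HANDLER_LEAK` contain no assignment inside a secret-guarded branch, and are caught only because the exception label flows into the program counter of the continuation and of the handler.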

Published as: François Pottier et al., Information flow inference for ML, POPL '02, 2002.