Sage Journals: Discover world-class research

Abstract

Information Flow Control (IFC) is a form of dependence analysis that tracks and prohibits dependence of public outputs on secret inputs. Such a dependence analysis is often carried out using a type system. IFC type systems can track dependence (via confidentiality labels) at varying levels of granularity. On one extreme, there are fine-grained type systems that track dependence at the level of individual values. They label individual values. On the other extreme, there are coarse-grained type systems that track dependence at the level of entire computations. These type systems do not label individual values but instead label entire sub-computations.

An important foundational question is one of the relative expressiveness of these two classes of IFC type systems. In this paper we show that, despite the glaring differences in how they track dependence, the two classes of type systems are actually equally expressive. We do this by showing translations from FG, a fine-grained IFC type system derived from SLAM (In Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL) (1998)), to ${SLIO}^{*}$ , a coarse-grained IFC type system derived from HLIO (In Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP) (2015)), and vice-versa. The translation from ${SLIO}^{*}$ to FG is straightforward since FG tracks dependence at a granularity finer than ${SLIO}^{*}$ does. However, the translation from FG to ${SLIO}^{*}$ is quite involved and relies extensively on label quantification. We further examine the reason for this complexity using a slight variant of ${SLIO}^{*}$ , called CG, to which FG can be translated more easily.

As a separate, more foundational contribution we show how to extend logical relation models of information flow to languages with higher-order state. Specifically, we build world-indexed (Kripke) logical relations for FG, ${SLIO}^{*}$ and CG, which we use to prove these type systems sound and also to prove the translations between them correct.

Keywords

Information flow control type systems typed translation logical relations type system expressiveness

Get full access to this article

View all access options for this article.

References

Abadi,

Banerjee,

Heintze and

J.G.

Riecke, A core calculus of dependency, in: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 1999.

Ahmed,

Dreyer and

Rossberg, State-dependent representation independence, in: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2009.

A.J.

Ahmed, Step-indexed syntactic logical relations for recursive and quantified types, in: Proceedings of the European Symposium on Programming Languages and Systems (ESOP), 2006.

Algehed and

Russo, Encoding DCC in Haskell, in: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), 2017.

T.H.

Austin and

Flanagan, Efficient purely-dynamic information flow analysis, in: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), 2009.

T.H.

Austin and

Flanagan, Permissive dynamic information flow analysis, in: Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), 2010.

Barthe,

Rezk and

Basu, Security types preserving compilation, Computer Languages, Systems & Structures (CLSS) 33(2) (2007).

Boudol, Secure information flow as a safety property, in: International Workshop on Formal Aspects in Security and Trust (FAST), 2008.

Broberg,

Delft and

Sands, Paragon for practical programming with information-flow control, in: Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS), 2013.

10.

Buiras,

Vytiniotis and

Russo, HLIO: Mixing static and dynamic typing for information-flow control in Haskell, in: Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP), 2015.

11.

Çiçek,

Paraskevopoulou and

Garg, A type theory for incremental computational complexity with control flow changes, in: Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP), 2016.

12.

Efstathopoulos,

Krohn,

VanDeBogart,

Frey,

Ziegler,

Kohler,

Mazières,

Kaashoek and

Morris, Labels and event processes in the asbestos operating system, in: Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), 2005.

13.

Fournet and

Rezk, Cryptographically sound implementations for typed information-flow security, in: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2008.

14.

J.A.

Goguen and

Meseguer, Security policies and security models, in: Proceedings of the IEEE Symposium on Security and Privacy, 1982.

15.

Heintze and

J.G.

Riecke, The SLam calculus: Programming with secrecy and integrity, in: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 1998.

16.

Hunt and

Sands, On flow-sensitive security types, in: Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2006.

17.

Krohn,

Yip,

Brodsky,

Cliffer,

M.F.

Kaashoek,

Kohler and

Morris, Information flow control for standard OS abstractions, in: Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), 2007.

18.

Mantel,

Sands and

Sudbrock, Assumptions and guarantees for compositional noninterference, in: Proceedings of the IEEE Computer Security Foundations Symposium (CSF), 2011.

19.

A.A.

Matos and

Boudol, On declassification and the non-disclosure policy, Journal of Computer Security (JCS) 17(5) (2009).

20.

A.C.

Myers and

Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology (TOSEM) 9(4) (2000). doi:10.1145/363516.363526.

21.

Nanevski,

Morrisett and

Birkedal, Polymorphism and separation in hoare type theory, in: Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP), 2006.

22.

Pottier and

Simonet, Information flow inference for ML, ACM Transactions on Programming Languages and Systems (TOPLAS) 25(1) (2003). doi:10.1145/596980.596983.

23.

Rajani,

Bastys,

Rafnsson and

Garg, Type systems for information flow control: The question of granularity, SIGLOG News 4(1) (2017).

24.

Rajani and

Garg, Types for information flow control: Labeling granularity and semantic models, in: Proc. of the 31st IEEE Computer Security Foundations Symposium (CSF), 2018.

25.

Sabelfeld and

Sands, A PER model of secure information flow in sequential programs, in: Proceedings of the European Symposium on Programming Languages and Systems (ESOP), 1999.

26.

Stefan,

Russo,

J.C.

Mitchell and

Mazières, Flexible dynamic information flow control in Haskell, in: Proceedings of the ACM Symposium on Haskell (Haskell), 2011.

27.

D.M.

Volpano,

C.E.

Irvine and

Smith, A sound type system for secure flow analysis, Journal of Computer Security (JCS) 4(2–3) (1996).

28.

Zeldovich,

Boyd-Wickizer,

Kohler and

Mazières, Making information flow explicit in HiStar, in: Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2006.

On the expressiveness and semantics of information flow types

Abstract

Keywords

Get full access to this article

References