Abstract
Non-interference is a desirable property of systems in a multilevel security architecture, stating that confidential information is not disclosed in public output. The challenge of studying information flow for assembly languages is that the control flow constructs that guide the analysis in high-level languages are not present. To address this problem, we define a typed assembly language that uses pseudo-instructions to impose a stack discipline on the control flow of programs. We develop a type system for checking that assembly programs enjoy non-interference, and we prove the type system sound.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Medel, R., Compagnoni, A., Bonelli, E. (2005). A Typed Assembly Language for Non-interference. In: Coppo, M., Lodi, E., Pinna, G.M. (eds) Theoretical Computer Science. ICTCS 2005. Lecture Notes in Computer Science, vol 3701. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560586_29
DOI: https://doi.org/10.1007/11560586_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29106-0
Online ISBN: 978-3-540-32024-1