Abstract
We study secure information flow in a stack-based Typed Assembly Language (TAL). We define a TAL with an execution stack and establish the soundness of its type system by proving non-interference. One difficulty in studying information flow for a low-level language is the absence of the high-level control-flow constructs (conditionals, loops, structured blocks) that guide information flow analysis in high-level languages. Furthermore, in the presence of an execution stack, code that frees space on the stack must be constrained, since a branch taken on secret data that pops a different number of slots than the other branch leaves an observable difference in the stack. Finally, in the presence of stack polymorphism, we must ensure that type variables are instantiated without observable differences. These issues are addressed by introducing junction points into the type system, ensuring that they behave as ordered linear continuations, and that they interact safely with the execution stack. We also discuss several limitations of our approach and point out some remaining open issues.
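The following is an added illustration, not code from the paper and not its language SIFTAL: a toy stack machine in Python whose instruction set, block labels, secret register `hi`, public register `lo`, and the `join` annotation on conditional branches are all constructed for this example. It shows the illegal flow the abstract describes (a secret-guarded branch frees a stack slot, and the public code after the junction reads a different value depending on the secret) and a deliberately simplified junction-point check that rejects it, alongside a dynamic non-interference test that confirms the leak.

```python
"""Toy stack machine (constructed example; not the paper's SIFTAL).
Instructions: ("push", v), ("pop", n), ("load", reg),
("bnz", reg, target, join) -- jump to target if reg != 0, else fall through;
`join` names the junction point where both branches must meet and must be the
block's last instruction -- ("jmp", label), ("halt",)."""
from typing import List, Optional

Block = tuple  # (label, [instructions])


def run(program: List[Block], hi: int, max_steps: int = 1000) -> int:
    """Execute `program` with secret input `hi`; return the public register `lo`."""
    labels = {lbl: i for i, (lbl, _) in enumerate(program)}
    regs, stack, bi, pc = {"hi": hi, "lo": 0}, [], 0, 0
    for _ in range(max_steps):
        _, instrs = program[bi]
        if pc >= len(instrs):                 # fall through to the next block
            bi, pc = bi + 1, 0
            continue
        ins, pc = instrs[pc], pc + 1
        if ins[0] == "push":
            stack.append(ins[1])
        elif ins[0] == "pop":
            del stack[len(stack) - ins[1]:]
        elif ins[0] == "load":
            regs[ins[1]] = stack[-1]
        elif ins[0] == "bnz":
            if regs[ins[1]] != 0:
                bi, pc = labels[ins[2]], 0
        elif ins[0] == "jmp":
            bi, pc = labels[ins[1]], 0
        elif ins[0] == "halt":
            return regs["lo"]
    raise RuntimeError("step limit exceeded")


def noninterferent(program: List[Block], secrets=(0, 1, 2)) -> bool:
    """Dynamic test: the public output must not vary with the secret input."""
    return len({run(program, s) for s in secrets}) == 1


def typecheck(program: List[Block], max_steps: int = 1000) -> Optional[str]:
    """Simplified junction-point check: every path from a secret-guarded branch
    must reach the junction with the same stack type, and a slot written under a
    high pc stays high. Returns None if accepted, else the reason for rejection."""
    labels = {lbl: i for i, (lbl, _) in enumerate(program)}

    def walk(bi: int, shape: List[str], pc_label: str, stop_at: Optional[str]):
        shape, pc = list(shape), 0
        for _ in range(max_steps):
            lbl, instrs = program[bi]
            if lbl == stop_at and pc == 0:
                return shape                  # reached the junction point
            if pc >= len(instrs):
                bi, pc = bi + 1, 0
                continue
            ins, pc = instrs[pc], pc + 1
            if ins[0] == "push":
                shape.append(pc_label)        # slot carries the label of the pc that wrote it
            elif ins[0] == "pop":
                if ins[1] > len(shape):
                    raise TypeError(f"{lbl}: pop past the bottom of the stack")
                del shape[len(shape) - ins[1]:]
            elif ins[0] == "load":
                if ins[1] == "lo" and (pc_label == "H" or shape[-1] == "H"):
                    raise TypeError(f"{lbl}: public register lo written from a "
                                    f"{shape[-1]} slot under a {pc_label} pc")
            elif ins[0] == "bnz":
                _, reg, target, join = ins
                guard = "H" if (reg == "hi" or pc_label == "H") else "L"
                taken = walk(labels[target], shape, guard, join)
                fallthrough = walk(bi + 1, shape, guard, join)
                if taken != fallthrough:
                    raise TypeError(f"{lbl}: branches reach junction {join} with "
                                    f"stack types {taken} and {fallthrough}")
                if taken is None:
                    return None               # both branches halt before the junction
                shape, bi, pc = taken, labels[join], 0   # pc label drops back at the junction
            elif ins[0] == "jmp":
                bi, pc = labels[ins[1]], 0
            elif ins[0] == "halt":
                return None
        raise TypeError("step limit exceeded")

    try:
        walk(0, [], "L", None)
        return None
    except TypeError as e:
        return str(e)


# Constructed programs. The secret decides which branch runs before the junction.
LEAKY: List[Block] = [
    ("start", [("push", 1), ("push", 2), ("bnz", "hi", "secret_path", "join")]),
    ("public_path", [("jmp", "join")]),
    ("secret_path", [("pop", 1), ("jmp", "join")]),   # frees a slot under a high pc
    ("join", [("load", "lo"), ("halt",)]),             # lo observes 2 or 1
]
SAFE: List[Block] = [
    ("start", [("push", 1), ("push", 2), ("bnz", "hi", "secret_path", "join")]),
    ("public_path", [("jmp", "join")]),
    ("secret_path", [("push", 7), ("pop", 1), ("jmp", "join")]),  # stack type unchanged
    ("join", [("load", "lo"), ("halt",)]),
]
HIGH_SLOT: List[Block] = [   # same height at the junction, but the top slot is high
    ("start", [("bnz", "hi", "secret_path", "join")]),
    ("public_path", [("push", 0), ("jmp", "join")]),
    ("secret_path", [("push", 1), ("jmp", "join")]),
    ("join", [("load", "lo"), ("halt",)]),
]
```

`typecheck(LEAKY)` rejects the program because the two branches arrive at `join` with stack types `['L']` and `['L', 'L']`, and `noninterferent(LEAKY)` confirms the leak dynamically (`lo` is 2 for `hi = 0` and 1 otherwise). `SAFE` passes both checks, while `HIGH_SLOT` shows why matching stack height is not enough: the slot was written under a high pc, so the load into `lo` after the junction is rejected even though the pc label has dropped back to low. The real type system in the paper is considerably richer (stack polymorphism, ordered linear continuations); this checker only models the two constraints the abstract names.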
© 2006 Springer-Verlag Berlin Heidelberg
Bonelli, E., Compagnoni, A., Medel, R. (2006). Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, JL. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2005. Lecture Notes in Computer Science, vol 3956. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11741060_3
DOI: https://doi.org/10.1007/11741060_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33689-1
Online ISBN: 978-3-540-33691-4