Abstract
Programmers of cryptographic applications written in C need to avoid common mistakes such as sending private data over public channels or improperly ordering protocol steps. These secrecy, integrity, and sequencing policies can be cumbersome to check with existing general-purpose tools. We have developed a novel means of specifying and uncovering violations of these policies that allows for a much lighter-weight approach than previous tools. We embed the policy annotations in C's type system via a source-to-source translation and leverage existing C compilers to check for policy violations, achieving high performance and scalability. We show through case studies of recent cryptographic libraries and applications that our work is able to express detailed policies for large bodies of C code and can find subtle policy violations. We show formal connections between the policy annotations and an information flow type system and prove a noninterference guarantee of our design.
Acknowledgement
This work is supported in part by the National Science Foundation via grants CNS1704542 and CNS1464113, and by the National Institutes of Health via award 1U01EB023685-01.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Cassel, D., Huang, Y., Jia, L. (2019). Uncovering Information Flow Policy Violations in C Programs (Extended Abstract). In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science, vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_2
DOI: https://doi.org/10.1007/978-3-030-29962-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29961-3
Online ISBN: 978-3-030-29962-0