Skip to main content
SpringerLink
Log in

Uncovering Information Flow Policy Violations in C Programs (Extended Abstract)

  • Conference paper
  • First Online:
Computer Security ā€“ ESORICS 2019 (ESORICS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11736))

Included in the following conference series:

Abstract

Programmers of cryptographic applications written in C need to avoid common mistakes such as sending private data over public channels or improperly ordering protocol steps. These secrecy, integrity, and sequencing policies can be cumbersome to check with existing general-purpose tools. We have developed a novel means of specifying and uncovering violations of these policies that allows for a much lighter-weight approach than previous tools. We embed the policy annotations in Cā€™s type system via a source-to-source translation and leverage existing C compilers to check for policy violations, achieving high performance and scalability. We show through case studies of recent cryptographic libraries and applications that our work is able to express detailed policies for large bodies of C code and can find subtle policy violations. We show formal connections between the policy annotations and an information flow type system and prove a noninterference guarantee of our design.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Kerberos ASN.1 encoder. https://github.com/krb5/krb5/tree/master/src/lib/krb5/asn.1. Accessed 2018

  2. Aldrich, J., Sunshine, J., Saini, D., Sparks, Z.: Typestate-oriented programming. In: Proceedings of OOPSLA (2009)

    Google ScholarĀ 

  3. Almeida, J.B., et al.: Jasmin: high-assurance and high-speed cryptography. In: Proceedings of CCS (2017)

    Google ScholarĀ 

  4. Ball, T., Rajamani, S.K.: The SLAM project: debugging system software via static analysis. In: Proceedings of POPL (2002)

    ArticleĀ  Google ScholarĀ 

  5. Barany, G., Signoles, J.: Hybrid information flow analysis for real-world C code. In: Gabmeyer, S., Johnsen, E.B. (eds.) TAP 2017. LNCS, vol. 10375, pp. 23ā€“40. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61467-0_2

    ChapterĀ  Google ScholarĀ 

  6. Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547ā€“557. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_48

    ChapterĀ  Google ScholarĀ 

  7. Bendersky, E.: pycparser. https://github.com/eliben/pycparser. Accessed 2017

  8. Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. ACM Trans. Program. Lang. Syst. (TOPLAS) 33(2), 8 (2011)

    ArticleĀ  Google ScholarĀ 

  9. Beringer, L.: End-to-end multilevel hybrid information flow control. In: Jhala, R., Igarashi, A. (eds.) APLAS 2012. LNCS, vol. 7705, pp. 50ā€“65. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35182-2_5

    ChapterĀ  Google ScholarĀ 

  10. Beyer, D., Henzinger, T.A., Jhala, R., Majumdar, R.: The software model checker blast. Int. J. Softw. Tools Technol. Transfer 9, 505ā€“525 (2007)

    ArticleĀ  Google ScholarĀ 

  11. Beyer, D., Keremoglu, M.E.: CPAchecker: a tool for configurable software verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184ā€“190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_16

    ChapterĀ  Google ScholarĀ 

  12. Bhargavan, K., Fournet, C., Corin, R., Zalinescu, E.: Cryptographically verified implementations for TLS. In: Proceedings of CCS (2008)

    Google ScholarĀ 

  13. Bhargavan, K., Fournet, C., Gordon, A.D.: Modular verification of security protocol code by typing. In: Proceedings of POPL (2010)

    ArticleĀ  Google ScholarĀ 

  14. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of CSFW (2001)

    Google ScholarĀ 

  15. Bond, B., et al.: Vale: verifying high-performance cryptographic assembly code. In: Proceedings of USENIX (2017)

    Google ScholarĀ 

  16. Brady, E.: Idris, a general-purpose dependently typed programming language: design and implementation. J. Functional Program. 23, 552ā€“593 (2013)

    ArticleĀ  MathSciNetĀ  Google ScholarĀ 

  17. Broadwell, P., Harren, M., Sastry, N.: Scrash: a system for generating secure crash information. In: Proceedings of SSYM (2003)

    Google ScholarĀ 

  18. Broberg, N., van Delft, B., Sands, D.: Paragon for practical programming with information-flow control. In: Shan, C. (ed.) APLAS 2013. LNCS, vol. 8301, pp. 217ā€“232. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03542-0_16

    ChapterĀ  MATHĀ  Google ScholarĀ 

  19. Broberg, N., Sands, D.: Paralocks: role-based information flow control and beyond. In: Proceedings of POPL (2010)

    ArticleĀ  Google ScholarĀ 

  20. Cadar, C., Dunbar, D., Engler, D.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of OSDI (2008)

    Google ScholarĀ 

  21. Cassel, D., Huang, Y., Jia, L.: FlowNotation technical report. https://arxiv.org/abs/1907.01727 (2019)

  22. Chin, B., Markstrum, S., Millstein, T.: Semantic type qualifiers. In: Proceedings of PLDI (2005)

    Google ScholarĀ 

  23. Chong, S., Myers, A.C.: End-to-end enforcement of erasure and declassification. In: Proceedings of CSF (2008)

    Google ScholarĀ 

  24. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168ā€“176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15

    ChapterĀ  MATHĀ  Google ScholarĀ 

  25. Cortier, V., Warinschi, B.: Computationally sound, automated proofs for security protocols. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 157ā€“171. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_12

    ChapterĀ  Google ScholarĀ 

  26. Costanzo, D., Shao, Z., Gu, R.: End-to-end verification of information-flow security for C and assembly programs. In: Proceedings of PLDI (2016)

    Google ScholarĀ 

  27. Cousot, P., et al.: The ASTREƉ analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21ā€“30. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_3

    ChapterĀ  Google ScholarĀ 

  28. Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414ā€“418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38

    ChapterĀ  Google ScholarĀ 

  29. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233ā€“247. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33826-7_16

    ChapterĀ  Google ScholarĀ 

  30. DamgƄrd, I., Zakarias, R.: MiniAES repository. https://github.com/AarhusCrypto/MiniAES. Accessed 2017

  31. DamgĆ„rd, I., Zakarias, R.: Fast oblivious AES a dedicated application of the MiniMac protocol. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 245ā€“264. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31517-1_13

    ChapterĀ  Google ScholarĀ 

  32. DeLine, R., FƤhndrich, M.: Enforcing high-level protocols in low-level software. In: Proceedings of PLDI (2001)

    Google ScholarĀ 

  33. Doerner, J.: Absentminded crypto kit repository. https://bitbucket.org/jackdoerner/absentminded-crypto-kit/. Accessed 2017

  34. Doerner, J., Shelat, A.: Scaling ORAM for secure computation. In: Proceedings of CCS (2017)

    Google ScholarĀ 

  35. Evans, D.: Static detection of dynamic memory errors. In: Proceedings of PLDI (1996)

    Google ScholarĀ 

  36. Foster, J.S., FƤhndrich, M., Aiken, A.: A theory of type qualifiers. In: Proceedings of PLDI (1999)

    Google ScholarĀ 

  37. Foster, J.S., Aiken, A.S.: Type qualifiers: lightweight specifications to improve software quality. Ph.D. thesis, University of California, Berkeley (2002)

    Google ScholarĀ 

  38. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343ā€“361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_20

    ChapterĀ  Google ScholarĀ 

  39. Kozyri, E., Arden, O., Myers, A.C., Schneider, F.B.: JRIF: Reactive Information Flow Control for Java (2016). http://hdl.handle.net/1813/41194

  40. Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348ā€“370. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17511-4_20

    ChapterĀ  MATHĀ  Google ScholarĀ 

  41. Lewis, J.R., Martin, B.: Cryptol: high assurance, retargetable crypto development and validation. In: Proceedings of MILCOM (2003)

    Google ScholarĀ 

  42. Machiry, A., Spensky, C., Corina, J., Stephens, N., Kruegel, C., Vigna, G.: DR. CHECKER: a soundy analysis for Linux kernel drivers. In: Proceedings of USENIX (2017)

    Google ScholarĀ 

  43. McGee, M.: Pantaloons/RSA repository. https://github.com/pantaloons/RSA/. Accessed 2017

  44. Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of POPL (1999)

    Google ScholarĀ 

  45. Pottier, F., Simonet, V.: Information flow inference for ML. In: Proceedings of POPL (2002)

    Google ScholarĀ 

  46. Saarinen, M.J.O.: Tiny SHA3. https://github.com/mjosaarinen/tiny_sha3. Accessed 2017

  47. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 5ā€“19 (2003)

    ArticleĀ  Google ScholarĀ 

  48. Strom, R.E., Yemini, S.: Typestate: a programming language concept for enhancing software reliability. IEEE Trans. Softw. Eng. SE-12, 157ā€“171 (1986)

    ArticleĀ  Google ScholarĀ 

  49. Swamy, N., Chen, J., Fournet, C., Strub, P., Bhargavan, K., Yang, J.: Secure distributed programming with value-dependent types. In: Proceedings of ICFP (2011)

    Google ScholarĀ 

  50. Vachharajani, N., et al.: RIFLE: an architectural framework for user-centric information-flow security. In: Proceedings of MICRO (2004)

    Google ScholarĀ 

  51. Volpano, D., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997. LNCS, vol. 1214, pp. 607ā€“621. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0030629

    ChapterĀ  Google ScholarĀ 

  52. Yao, A.C.C.: How to generate and exchange secrets. In: Proceedings of SFCS (1986)

    Google ScholarĀ 

  53. Yutaka, N.: Gnuk. https://www.fsij.org/category/gnuk.html. Accessed 2018

  54. Zahur, S., David, E.: Obliv-C: a language for extensible data-oblivious computation (2015)

    Google ScholarĀ 

  55. Zahur, S.: Obliv-C repository. https://github.com/samee/obliv-c/. Accessed 2017

  56. Zahur, S., Cassel, D.: SCDtoObliv repository. https://github.com/samee/obliv-c/tree/obliv-c/SCDtoObliv. Accessed 2017

  57. Zhang, X., Edwards, A., Jaeger, T.: Using CQUAL for static analysis of authorization hook placement. In: Proceedings of USENIX (2002)

    Google ScholarĀ 

  58. Zhu, R., Huang, Y., Cassel, D.: Pool framework repository. https://github.com/jimu-pool/PoolFramework/. Accessed 2017

  59. Zhu, R., Huang, Y., Cassel, D.: Pool: Scalable on-demand secure computation service against malicious adversaries. In: Proceedings of CCS (2017)

    Google ScholarĀ 

Download references

Acknowledgement

This work is supported in part by the National Science Foundation via grants CNS1704542 and CNS1464113, and by the National Institutes of Health via award 1U01EB023685-01.

Author information

Authors and Affiliations

  1. Carnegie Mellon University, Pittsburgh, PA, 15213, USA

    Darion CasselĀ &Ā Limin Jia

  2. Indiana University, Bloomington, IN, 47405, USA

    Yan Huang

Authors
  1. Darion Cassel
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Yan Huang
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Limin Jia
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Corresponding author

Correspondence to Darion Cassel .

Editor information

Editors and Affiliations

  1. NEC Corporation, Kawasaki, Japan

    Kazue Sako

  2. University of Surrey, Guildford, UK

    Steve Schneider

  3. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Peter Y. A. Ryan

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cassel, D., Huang, Y., Jia, L. (2019). Uncovering Information Flow Policy Violations in C Programs (Extended Abstract). In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security ā€“ ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation