Abstract
In this paper we argue that, from the perspective of developing “security-minded” programming languages, the secure information flow property should be defined (as well as disciplined access) as a standard safety property, based on a notion of a security error, namely that one should not put in a public location a value elaborated using confidential information. We show that this is the property guaranteed by a standard security type system, and that, for a simple language, it is strictly stronger than non-interference. Moreover, we show that this notion of secure information flow allows us to give natural semantics to various security-minded programming constructs, including declassification.
Work partially supported by the CRE FT-R&D no 46136511, and by the ANR-SETI-06-010 grant.
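The following is an added illustration, not code or semantics from the paper, of the abstract's central point: a toy while-language monitor in which every value carries the level of the information used to elaborate it, and the single step that would write a confidentially derived value into a public location raises a security error. The two-level lattice, the tuple AST encoding, the program-counter tracking for branches, and the `declassify` construct are this example's own simplifications and are not claimed to match the paper's formal definitions. It also includes a brute-force non-interference check so that the reader can see a program that is non-interfering yet rejected by the monitor, which is the sense in which the safety property is strictly stronger.

```python
# Constructed example: a runtime monitor for a toy while-language that treats
# "confidential value written to a public location" as a checkable error.
# Security levels, AST shape, pc handling and 'declassify' are assumptions
# of this example, not the paper's definitions.

LOW, HIGH = "L", "H"          # public, confidential (two-level lattice)

class SecurityError(Exception):
    """Raised at the exact execution step where a public location would receive
    a value elaborated using confidential information."""

def join(a, b):
    return HIGH if HIGH in (a, b) else LOW

def leq(a, b):
    return a == LOW or b == HIGH

OPS = {"+": lambda x, y: x + y, "*": lambda x, y: x * y, ">": lambda x, y: int(x > y)}

def eval_expr(e, store, labels):
    """Return (value, label): the label is the join of the levels of every
    variable read while elaborating the value."""
    tag = e[0]
    if tag == "const":
        return e[1], LOW
    if tag == "var":
        return store[e[1]], labels[e[1]]
    if tag == "binop":
        v1, l1 = eval_expr(e[2], store, labels)
        v2, l2 = eval_expr(e[3], store, labels)
        return OPS[e[1]](v1, v2), join(l1, l2)
    if tag == "declassify":   # assumed construct: the value is re-labelled public
        v, _ = eval_expr(e[1], store, labels)
        return v, LOW
    raise ValueError(f"unknown expression {tag}")

def exec_cmd(c, store, labels, pc=LOW, check=True):
    """Execute command c. pc is the level of the information that decided to
    run this command (raised inside branches on confidential conditions).
    With check=False the program runs unmonitored (used for the NI check)."""
    tag = c[0]
    if tag == "skip":
        return
    if tag == "assign":
        x, e = c[1], c[2]
        v, lab = eval_expr(e, store, labels)
        level = join(lab, pc)
        if check and not leq(level, labels[x]):
            raise SecurityError(f"{x}:{labels[x]} := value of level {level}")
        store[x] = v
    elif tag == "seq":
        for sub in c[1:]:
            exec_cmd(sub, store, labels, pc, check)
    elif tag == "if":
        v, lab = eval_expr(c[1], store, labels)
        exec_cmd(c[2] if v else c[3], store, labels, join(pc, lab), check)
    elif tag == "while":
        while True:
            v, lab = eval_expr(c[1], store, labels)
            if not v:
                break
            exec_cmd(c[2], store, labels, join(pc, lab), check)
    else:
        raise ValueError(f"unknown command {tag}")

def run(program, labels, init):
    """Run the monitored program on a copy of init; return the final store."""
    store = dict(init)
    exec_cmd(program, store, labels)
    return store

def is_safe(program, labels, init):
    """True iff this single execution raises no security error."""
    try:
        run(program, labels, init)
        return True
    except SecurityError:
        return False

def is_noninterfering(program, labels, low_init, high_values):
    """Brute-force non-interference over the given secret inputs: the public
    part of the final store must be the same for every secret value."""
    low_vars = sorted(x for x, lab in labels.items() if lab == LOW)
    outcomes = set()
    for hv in high_values:
        store = dict(low_init)
        store.update({x: hv for x, lab in labels.items() if lab == HIGH})
        exec_cmd(program, store, labels, check=False)
        outcomes.add(tuple(store[x] for x in low_vars))
    return len(outcomes) == 1

# Constructed sample programs over a confidential h and a public l.
LABELS = {"h": HIGH, "l": LOW}
COND = ("binop", ">", ("var", "h"), ("const", 0))
EXPLICIT = ("assign", "l", ("var", "h"))                                   # l := h
IMPLICIT = ("if", COND, ("assign", "l", ("const", 1)), ("assign", "l", ("const", 0)))
SAME_BOTH = ("if", COND, ("assign", "l", ("const", 1)), ("assign", "l", ("const", 1)))
SAFE = ("seq", ("assign", "h", ("binop", "+", ("var", "l"), ("const", 1))),
               ("assign", "l", ("binop", "*", ("var", "l"), ("const", 2))))
DECLASS = ("assign", "l", ("declassify", COND))                            # l := declassify(h > 0)
```

The safety flavour is visible in `is_safe`: the verdict comes from one execution and is raised at the offending assignment, with no need to compare pairs of runs. `SAME_BOTH` writes the same constant to `l` on both branches of a confidential test, so `is_noninterfering` accepts it, while the monitor rejects it because the write happens under a confidential program counter; `DECLASS` shows how an explicit declassification re-labels the value and is therefore accepted.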
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boudol, G. (2009). Secure Information Flow as a Safety Property. In: Degano, P., Guttman, J., Martinelli, F. (eds) Formal Aspects in Security and Trust. FAST 2008. Lecture Notes in Computer Science, vol 5491. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01465-9_2
DOI: https://doi.org/10.1007/978-3-642-01465-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01464-2
Online ISBN: 978-3-642-01465-9
eBook Packages: Computer Science, Computer Science (R0)