Tracking Insecure Information Flows: A Prototype Evaluator in ASF+SDF

  • Conference paper
Information Systems Security (ICISS 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7671)

Abstract

In this paper, we describe the implementation of a prototype evaluator for RDRL, a domain-specific, security-typed programming language that supports dynamic tracking of information flow and prevents both explicit and implicit insecure flows. The evaluator has been implemented using the ASF+SDF Language Specification Formalism, which allows the syntax and semantics of a domain-specific language (DSL) to be defined. Using this prototype, we analyze information flow dynamically and avoid the need for an approximate static analysis of information flow security.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hassan, D. (2012). Tracking Insecure Information Flows: A Prototype Evaluator in ASF+SDF. In: Venkatakrishnan, V., Goswami, D. (eds) Information Systems Security. ICISS 2012. Lecture Notes in Computer Science, vol 7671. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35130-3_22

  • DOI: https://doi.org/10.1007/978-3-642-35130-3_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35129-7

  • Online ISBN: 978-3-642-35130-3

  • eBook Packages: Computer Science, Computer Science (R0)
