Abstract
In this paper, we describe the implementation of a prototype evaluator for RDRL, a domain-specific security-typed programming language that supports dynamic tracking of information flow and prevents both explicit and implicit insecure flows. The evaluator is implemented in the ASF+SDF Language Specification Formalism, which allows defining the syntax and semantics of a domain-specific language (DSL). Using this prototype, we analyze information flow dynamically and avoid the need for an approximate static analysis of information flow security.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hassan, D. (2012). Tracking Insecure Information Flows: A Prototype Evaluator in ASF+SDF. In: Venkatakrishnan, V., Goswami, D. (eds) Information Systems Security. ICISS 2012. Lecture Notes in Computer Science, vol 7671. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35130-3_22
DOI: https://doi.org/10.1007/978-3-642-35130-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35129-7
Online ISBN: 978-3-642-35130-3
eBook Packages: Computer Science (R0)