DOI: 10.1145/1134744.1134759

Efficient type inference for secure information flow

Published: 10 June 2006

Abstract

This paper describes the design, analysis, and implementation of an efficient algorithm for information flow analysis expressed using a type system. Given a program and an environment of security classes for information accessed by the program, the algorithm checks whether the program is well typed, i.e., there is no information of higher security classes flowing into places of lower security classes according to a lattice of security classes, by inferring the highest or lowest security class as appropriate for each program node. We express the analysis as a set of Datalog-like rules based on the typing and subtyping rules, and we use a systematic method to generate specialized algorithms and data structures directly from the Datalog-like rules. The generated implementation traverses the program multiple times and uses a combination of linked and indexed data structures to represent program nodes, environments, and types. The time complexity of the algorithm is linear in the size of the input program, times the height of the lattice of security classes, plus a small overhead for preprocessing the security classes. This complexity is confirmed through our prototype implementation and experimental evaluation on code generated from high-level specifications for real systems.
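The check the abstract describes, as an added illustration that is not the paper's implementation: a lattice of security classes, the join of classes read by each expression, and the rule that an assignment is well typed only if the join of the program-counter class and the right-hand side's class is below the target's class. The toy AST, the diamond lattice, the environment and the direct recursive traversal (in place of the paper's Datalog-derived algorithm) are all assumptions of this example.

```python
# Added example, not the paper's implementation: a Denning-style lattice of
# security classes and a Volpano/Smith-style flow check over a tiny imperative
# AST: x := e is allowed only if join(pc, class(e)) <= class(x), with pc the
# join of enclosing branch conditions. Lattice, env and AST are constructed.

class Lattice:
    def __init__(self, elems, leq_pairs):
        # leq_pairs must list the full (transitively closed) strict order
        self.elems = list(elems)
        self.order = {(a, a) for a in elems} | set(leq_pairs)
        self.bottom = next(b for b in elems if all(self.le(b, x) for x in elems))
    def le(self, a, b):
        return (a, b) in self.order
    def join(self, a, b):                   # least upper bound
        ubs = [u for u in self.elems if self.le(a, u) and self.le(b, u)]
        return next(u for u in ubs if all(self.le(u, v) for v in ubs))

def infer_expr(e, env, lat):
    """Highest class flowing into e: join of the variables it reads."""
    if e[0] == "var":
        return env[e[1]]
    if e[0] == "lit":
        return lat.bottom
    return lat.join(infer_expr(e[1], env, lat), infer_expr(e[2], env, lat))  # ("op", l, r)

def check(stmt, env, lat, pc=None, violations=None):
    """Return (variable, needed_class, declared_class) for each illegal flow."""
    pc = lat.bottom if pc is None else pc
    violations = [] if violations is None else violations
    if stmt[0] == "assign":                 # ("assign", x, e)
        needed = lat.join(pc, infer_expr(stmt[2], env, lat))
        if not lat.le(needed, env[stmt[1]]):
            violations.append((stmt[1], needed, env[stmt[1]]))
    elif stmt[0] in ("if", "while"):        # ("if", cond, then, else) / ("while", cond, body)
        inner_pc = lat.join(pc, infer_expr(stmt[1], env, lat))
        for body in stmt[2:]:
            check(body, env, lat, inner_pc, violations)
    else:                                   # ("seq", s1, s2, ...)
        for s in stmt[1:]:
            check(s, env, lat, pc, violations)
    return violations

DIAMOND = Lattice(["L", "A", "B", "H"], [("L", "A"), ("L", "B"), ("A", "H"), ("B", "H"), ("L", "H")])
ENV = {"secret": "H", "a": "A", "b": "B", "pub": "L"}
PROGRAM = ("seq",
    ("assign", "a", ("var", "pub")),                        # L -> A: allowed
    ("assign", "pub", ("op", ("var", "a"), ("var", "b"))),  # join(A,B)=H -> L: explicit leak
    ("if", ("var", "secret"), ("assign", "pub", ("lit", 1)), ("seq",)),  # implicit leak
)
```

Running `check(PROGRAM, ENV, DIAMOND)` reports the explicit leak and the implicit leak through the branch on `secret`, while the first assignment passes.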



Published In

PLAS '06: Proceedings of the 2006 workshop on Programming languages and analysis for security
June 2006
102 pages
ISBN:1595933743
DOI:10.1145/1134744
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. algorithm
  2. information flow
  3. security
  4. time complexity
  5. type inference

Qualifiers

  • Article

Conference

PLAS06

Acceptance Rates

Overall Acceptance Rate 43 of 77 submissions, 56%

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)1
Reflects downloads up to 03 Mar 2025

Citations

Cited By

  • (2020) Identifying and Analyzing Implicit Interactions in a Wastewater Dechlorination System. Computer Security, pp. 34-51. doi:10.1007/978-3-030-64330-0_3. Online publication date: 17-Dec-2020
  • (2017) An Approach for Identifying and Analyzing Implicit Interactions in Distributed Systems. IEEE Transactions on Reliability 66(2), pp. 529-546. doi:10.1109/TR.2017.2665164. Online publication date: Jun-2017
  • (2015) An Automatic Inference of Minimal Security Types. Proceedings of the 11th International Conference on Information Systems Security, Volume 9478, pp. 395-415. doi:10.1007/978-3-319-26961-0_24. Online publication date: 16-Dec-2015
  • (2009) From datalog rules to efficient programs with time and space guarantees. ACM Transactions on Programming Languages and Systems 31(6), pp. 1-38. doi:10.1145/1552309.1552311. Online publication date: 26-Aug-2009
  • (2009) Programming languages and program analysis for security. ACM SIGPLAN Notices 43(12), pp. 32-39. doi:10.1145/1513443.1513449. Online publication date: 28-Feb-2009
  • (2009) SN2K Attacks and Honest Services. Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference, Volume 02, pp. 445-450. doi:10.1109/COMPSAC.2009.174. Online publication date: 20-Jul-2009
  • (2009) The Non-Interference Protection in BML. Electronic Notes in Theoretical Computer Science (ENTCS) 253(5), pp. 113-127. doi:10.1016/j.entcs.2009.11.018. Online publication date: 1-Dec-2009
  • (2009) Verification of Information Flow in Agent-Based Systems. E-Technologies: Innovation in an Open World, pp. 252-266. doi:10.1007/978-3-642-01187-0_22. Online publication date: 2009
  • (2008) Caching and incrementalisation in the java query language. ACM SIGPLAN Notices 43(10), pp. 1-18. doi:10.1145/1449955.1449766. Online publication date: 19-Oct-2008
  • (2008) Caching and incrementalisation in the java query language. Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications, pp. 1-18. doi:10.1145/1449764.1449766. Online publication date: 19-Oct-2008
