DOI: 10.1145/351240.351245

Information flow inference for free

Published: 01 September 2000

ABSTRACT

This paper shows how to systematically extend an arbitrary type system with dependency information, and how soundness and non-interference proofs for the new system may rely upon, rather than duplicate, the soundness proof of the original system. This allows enriching virtually any of the type systems known today with information flow analysis, while requiring only a minimal proof effort.

Our approach is based on an untyped operational semantics for a labelled calculus akin to core ML. Thus, it is simple, and should be applicable to other computing paradigms, such as object or process calculi.

The paper also discusses access control, and shows it may be viewed as entirely independent of information flow control. Letting the two mechanisms coexist, without interacting, yields a simple and expressive type system, which allows, in particular, "selective" declassification.

Published in

ICFP '00: Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
September 2000
294 pages
ISBN: 1581132026
DOI: 10.1145/351240

Copyright © 2000 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

ICFP '00 Paper Acceptance Rate: 24 of 110 submissions, 22%. Overall Acceptance Rate: 333 of 1,064 submissions, 31%.
