Secure information flow and pointer con .nement in a java-like language

  title={Secure information flow and pointer con .nement in a java-like language},
  author={Anindya Banerjee and David A. Naumann},
  journal={Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15},
  • A. BanerjeeD. Naumann
  • Published 24 June 2002
  • Computer Science
  • Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15
We consider a sequential object-oriented language with pointers and mutable state, private fields and class-based visibility, dynamic binding and inheritance, recursive classes, casts and type tests, and recursive methods. Programs are annotated with security levels, constrainedby security typing rules. A noninterference theorem shows how the rules ensure pointer confinement and secure information flow. 

Tables from this paper

Constraint-based secure information flow inference for a Java-like language

This paper addresses the problem of checking programs written in a Java-like language to ensure that they satisfy information flow policies like confidentiality and integrity in the presence of dynamic access control mechanisms like stack inspection, and presents an inference algorithm that infers such security types in a modular manner.

Modular and Constraint-Based Information Flow Inference for an Object-Oriented Language

This paper addresses the problem of checking programs written in an object-oriented language to ensure that they satisfy the information flow policies, confidentiality and integrity by presenting an algorithm that infers such security types in a modular manner.

A Design for a Security-Typed Language with Certificate-Based Declassification

A conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures is proved.

Constraint-based modular secure information flow inference for object-oriented programs

This thesis presents a constraint-based inference system for secure information flow for a Java-like language with method inheritance and override, which is inter-procedural and modular: incremental inference can be performed on individual program components, and result used as libraries for other components.

Observational determinism for concurrent program security

  • S. ZdancewicA. Myers
  • Computer Science
    16th IEEE Computer Security Foundations Workshop, 2003. Proceedings.
  • 2003
This paper presents a relatively expressive secure concurrent calculi, provides first-class channels, high-order functions, and an unbounded number of threads.

Program-level Specification and Deductive Verification of Security Properties

This thesis shows how highly precise specification and deductive verification of language-based secure information flow can be made feasible by using the precision provided by the underlying calculus for Java Dynamic Logic.

Stack-based access control and secure information flow

A design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers is investigated.

Type-based information flow analysis for bytecode languages with variable object field policies

A flow-sensitive type system for statically detecting illegal flows of information in a JVM-like language that allows the level of a field to vary at different object creation points is presented and a noninterference result is proved.

Verifying a Secure Information Flow Analyzer

Denotational semantics for a substantial fragment of Java is formalized by deep embedding in PVS, making extensive use of dependent types. A static analyzer for secure information flow for this

Formally verifying information flow type systems for concurrent and thread systems

Using the proof assistant Isabelle/HOL, a recent work of Boudol and Castellani cite BC02:tcs is machine-checked, which defines an information flow type system for a concurrent language with scheduling, and shows that typable programs are non-interferent.



A Sound Type System for Secure Flow Analysis

This work forms Denning’s approach as a type system and presents a notion of soundness for the system that can be viewed as a form of noninterference.

Certification of programs for secure information flow

This paper presents a mechanism for verifying the secure flow of information through a program that exploits the properties of a lattice structure among security classes and proves that a program cannot cause supposedly nonconfidential results to depend on confidential input data.

Secure information flow in a multi-threaded imperative language

By modifying the sequential type system, the analysis is extended to deal with a multithreaded language and shows how a more restrictive type system can guarantee noninterference, given a more deterministic scheduling policy, such as round-robin time slicing.

Confined types in Java

The sharing and transfer of references in object‐oriented languages is difficult to control. Without any constraint, practical experience has shown that even carefully engineered object‐oriented code

Confinement Properties for Multi-Threaded Programs

A Type-Based Approach to Program Security

A type system which guarantees that well-typed programs in a procedural programming language satisfy a noninterference security property, which basically states that a program output can never change as a result of modifying only inputs classified at higher levels.

JFlow: practical mostly-static information flow control

The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.

A core calculus of dependency

It is argued that there is a central notion of dependency common to these settings that can be captured within a single calculus, the Dependency Core Calculus (DCC), a small extension of Moggi's computational lambda calculus.

A new type system for secure information flow

  • Geoffrey Smith
  • Computer Science
    Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
  • 2001
A new type system is presented that gives each command a type that ensures that no assignment to an L variable may sequentially follow a command whose running time depends on H variables, and can use H variables more flexibly.

A Per Model of Secure Information Flow in Sequential Programs

The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and “partially confidential data”.