[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.5555/872752.873517guideproceedingsArticle/Chapter ViewAbstractPublication PagesConference Proceedingsacm-pubtype
Article

A New Type System for Secure Information Flow

Published: 11 June 2001 Publication History

Abstract

Abstract: With the variables of a program classified as L (low, public) or H (high, private), we wish to prevent the program from leaking information about H variables into L variables. Given a multi-threaded imperative language with probabilistic scheduling, the goal can be formalized as a property called probabilistic noninterference. Previous work identified a type system sufficient to guarantee probabilistic noninterference, but at the cost of severe restrictions: to prevent timing leaks, H variables were disallowed from the guards of while loops. Here we present a new type system that gives each command a type of the form \tau_1 cmd \tau_2; this type says that the command assigns only to variables of level \tau_1 (or higher) and has running time that depends only on variables of level \tau_2 (or lower). Also we use types of the form \tau cmd n for commands that terminate in exactly n steps. With these typings, we can prevent timing leaks by demanding that no assignment to an L variable may sequentially follow a command whose running time depends on H variables. As a result, we can use H variables more flexibly; for example, under the new system a thread that involves only H variables is always well typed. The soundness of the type system is proved using the notion of probabilistic bisimulation.

References

[1]
J. Agat. Transforming out timing leaks. In Proceedings 27th Symposium on Principles of Programming Languages, pages 40-53, Boston, MA, Jan. 2000.
[2]
J. Agat. Type Based Techniques for Covert Channel Elimination and Register Allocation. PhD thesis, Chalmers University of Technology, Göteborg, Sweden, Dec. 2000.
[3]
D. Denning and P. Denning. Certification of programs for secure information flow. Commun. ACM, 20(7):504-513, 1977.
[4]
W. Feller. An Introduction to Probability Theory and Its Applications, volume I. John Wiley & Sons, Inc., third edition, 1968.
[5]
H. Hermanns. Interactive Markov Chains. PhD thesis, University of Erlangen-Nürnberg, July 1998.
[6]
K. Honda, V. Vasconcelos, and N. Yoshida. Secure information flow as typed process behaviour. In Proceedings 9th European Symposium on Programming, volume 1782 of Lecture Notes in Computer Science, pages 180-199, Apr. 2000.
[7]
J. Kemeny and J. L. Snell. Finite Markov Chains. D. Van Nostrand, 1960.
[8]
K. G. Larsen and A. Skou. Bisimulation through probabilistic testing. Information and Computation, 94(1):1-28, 1991.
[9]
A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proceedings 13th IEEE Computer Security Foundations Workshop, pages 200-214, Cambridge, UK, July 2000.
[10]
G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proceedings 25th Symposium on Principles of Programming Languages, pages 355-364, San Diego, CA, Jan. 1998.
[11]
D. Volpano. Secure introduction of one-way functions. In Proceedings 13th IEEE Computer Security Foundations Workshop, pages 246-254, Cambridge, UK, June 2000.
[12]
D. Volpano and G. Smith. A type-based approach to program security. In Proc. Theory and Practice of Software Development, volume 1214 of Lecture Notes in Computer Science, pages 607-621, Apr. 1997.
[13]
D. Volpano and G. Smith. Probabilistic noninterference in a concurrent language. Journal of Computer Security, 7(2,3):231-253, 1999.
[14]
D. Volpano and G. Smith. Verifying secrets and relative secrecy. In Proceedings 27th Symposium on Principles of Programming Languages, pages 268-276, Boston, MA, Jan. 2000.
[15]
D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(2,3):167-187, 1996.

Cited By

View all
  • (2021)An axiomatic approach to detect information leaks in concurrent programsProceedings of the 43rd International Conference on Software Engineering: New Ideas and Emerging Results10.1109/ICSE-NIER52604.2021.00015(31-35)Online publication date: 25-May-2021
  • (2016)Formal verification of secure information flow in cloud computingJournal of Information Security and Applications10.1016/j.jisa.2016.03.00227:C(103-116)Online publication date: 1-Apr-2016
  • (2016)Progress-Sensitive Security for SPARKProceedings of the 8th International Symposium on Engineering Secure Software and Systems - Volume 963910.1007/978-3-319-30806-7_2(20-37)Online publication date: 6-Apr-2016
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings
CSFW '01: Proceedings of the 14th IEEE workshop on Computer Security Foundations
June 2001

Publisher

IEEE Computer Society

United States

Publication History

Published: 11 June 2001

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2021)An axiomatic approach to detect information leaks in concurrent programsProceedings of the 43rd International Conference on Software Engineering: New Ideas and Emerging Results10.1109/ICSE-NIER52604.2021.00015(31-35)Online publication date: 25-May-2021
  • (2016)Formal verification of secure information flow in cloud computingJournal of Information Security and Applications10.1016/j.jisa.2016.03.00227:C(103-116)Online publication date: 1-Apr-2016
  • (2016)Progress-Sensitive Security for SPARKProceedings of the 8th International Symposium on Engineering Secure Software and Systems - Volume 963910.1007/978-3-319-30806-7_2(20-37)Online publication date: 6-Apr-2016
  • (2015)GuideForceRevised Selected Papers of the SEFM 2015 Collocated Workshops on Software Engineering and Formal Methods - Volume 950910.1007/978-3-662-49224-6_8(75-89)Online publication date: 7-Sep-2015
  • (2013)Fine-Grained and Coarse-Grained Reactive Noninterference8th International Symposium on Trustworthy Global Computing - Volume 835810.1007/978-3-319-05119-2_10(159-179)Online publication date: 30-Aug-2013
  • (2012)Towards a practical secure concurrent languageACM SIGPLAN Notices10.1145/2398857.238462147:10(57-74)Online publication date: 19-Oct-2012
  • (2012)Addressing covert termination and timing channels in concurrent information flow systemsACM SIGPLAN Notices10.1145/2398856.236455747:9(201-214)Online publication date: 9-Sep-2012
  • (2012)Towards a practical secure concurrent languageProceedings of the ACM international conference on Object oriented programming systems languages and applications10.1145/2384616.2384621(57-74)Online publication date: 19-Oct-2012
  • (2012)Precise enforcement of progress-sensitive securityProceedings of the 2012 ACM conference on Computer and communications security10.1145/2382196.2382289(881-893)Online publication date: 16-Oct-2012
  • (2012)Addressing covert termination and timing channels in concurrent information flow systemsProceedings of the 17th ACM SIGPLAN international conference on Functional programming10.1145/2364527.2364557(201-214)Online publication date: 9-Sep-2012
  • Show More Cited By

View Options

View options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media