A novel security-typed LCC language is proposed to prevent information leakage. Cryptographic enforcement of language-based erasure. Language-based information-flow security, IEEE Journal on Selected Areas in Communications. Algebraic foundations for information-theoretical, probabilistic and guessability measures of information flow. However, none of this language-based work addresses end-to-end security policies. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. In this more general context, we derive a proof system that allows us to characterize abstract noninterference (ANI) properties inductively on the syntactic structure of programs. Inference of security labels: the type system generates a set of lattice inequalities, constraints of the form l ⊑ l1 ⊔ l2 (a label bounded above by the join of other labels), and constraints of this form can be solved efficiently.
Both static (design-time) and dynamic (run-time) security type checking are employed to guarantee that no information leakage can occur in annotated agent interaction models. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI '09). Information erasure is a formal security requirement that stipulates when sensitive data must be removed from computer systems. Jif adds support for security labels to Java's type system, so that the developer can specify confidentiality and integrity policies on the variables used in their program. Thus, advances in programming-language research can also benefit language-based security. Instruction-level security analysis for information flow in. A labeled I/O monad, LIO, keeps track of a current label and permits restricted access to I/O functionality. Recently, a promising new approach has been developed.
Preserving the confidentiality of information is a growing concern in software development. The main conclusion is that existing language-based information-flow mechanisms are inadequate, but that the general approach is quite promising and merits. Security properties of language constructs look like promising candidates to be turned into SOS meta-theorems, and there has already been an attempt in this direction in the context of process-calculi security. Language-based security has been a hot research area in computer security in the last decade. Language-based information-flow security considers programs that manipulate pieces of data at different sensitivity levels.
Securing information flow in such programs remains an open challenge. The idea is to abstract from language-based security and consider data generically as distinguished between internal data, which has to be protected by the program, and observable data. In language-based security, confidentiality and integrity policies conveniently specify the permitted flows of information between different parts of a program with diverse levels of trust. We describe a new, dynamic, floating-label approach to language-based information flow control. Secure information flow is intended to maintain the confidentiality of sensitive information by preventing it from flowing to attackers. IEEE Journal on Selected Areas in Communications 21(1), 2003. Information flow security for imperative languages (CiteSeerX). Cryptographically sound implementations for typed information. The proposed security type system is discussed and then formally evaluated by proving its
This paper examines the opportunities for applying language-based security techniques, in particular information flow tracking, to the sensor network domain. Dec 22, 2017: Contextual integrity through the lens of computer science examines computer science literature using contextual integrity and discovers. Secure information sharing in social agent interactions using. We list the main features of Jif and discuss the information flow problem that Jif helps to solve. The current label floats to exceed the labels of all data observed and restricts what can be modified. These policies enable a simple treatment of security, and they can often be verified by typing.
Higher-order program verification and language-based security. Information-flow security policies are an appealing way of specifying confidentiality and integrity policies in information systems. Language-based information-flow security, Andrei Sabelfeld and Andrew C. Myers.
Secure information sharing in social agent interactions. Unlike other language-based work, LIO also bounds the current label with a current. A static analysis for quantifying information flow in a simple imperative language. Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF). In this report, we examine Jif, a Java extension which augments the language with features related to security. IEEE Journal on Selected Areas in Communications, 21(1). However, their enforcement in concrete systems involves delicate compilation issues. Automatic discovery and quantification of information leaks. Bisimulation for secure information flow analysis of multi
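The floating-label discipline sketched for LIO in the surrounding sentences (a current label that rises whenever labeled data is observed, a clearance it may not exceed, and output effects checked against the label of the channel) is easier to see in code. The following is an added example written for this page in Python; it is not code from the page, from the LIO library or from its authors, and it does not reproduce the Haskell API. The set-of-categories labels, the `LIO`, `Labeled` and `IFCError` names, the sink abstraction, the `to_labeled` method and the Alice/Bob scenario are all constructed here for illustration.

```python
"""Floating-label information flow control in the style of LIO (added
example; a Python sketch, not the Haskell library's API).

A label is a frozenset of secrecy categories ordered by inclusion, so the
join is set union and {} is public. The context tracks a current label that
floats up as labeled data is observed and a clearance it may never exceed.
"""

class IFCError(Exception):
    """Raised when an operation would violate the flow policy."""

class Labeled:
    """A value paired with its label; read it only via LIO.unlabel."""
    def __init__(self, label, value):
        self.label = frozenset(label)
        self._value = value

class LIO:
    def __init__(self, clearance):
        self.current = frozenset()            # starts fully public
        self.clearance = frozenset(clearance)
        self.sinks = {}                       # name -> (label, writes)

    def unlabel(self, lv):
        """Observe labeled data: the current label floats to current ⊔ lv.label.
        Refused if that would exceed the clearance."""
        new = self.current | lv.label
        if not new <= self.clearance:
            raise IFCError(f"label {set(new)} would exceed clearance {set(self.clearance)}")
        self.current = new
        return lv._value

    def label(self, lab, value):
        """Wrap a value: allowed only when current ⊑ lab ⊑ clearance, so data
        derived from what was observed cannot be relabeled downwards."""
        lab = frozenset(lab)
        if not (self.current <= lab <= self.clearance):
            raise IFCError(f"cannot label {set(lab)} from current {set(self.current)}")
        return Labeled(lab, value)

    def add_sink(self, name, label):
        self.sinks[name] = (frozenset(label), [])

    def write(self, name, value):
        """Output effect: permitted only if current ⊑ sink label, which is what
        stops an observed secret from reaching a public channel."""
        lab, log = self.sinks[name]
        if not self.current <= lab:
            raise IFCError(f"write to {name} {set(lab)} from current {set(self.current)}")
        log.append(value)

    def to_labeled(self, lab, thunk):
        """Run thunk(inner) in a copy of the context so its label floats
        privately, then hand back its result labeled with lab. Requires
        current ⊑ lab ⊑ clearance up front and inner.current ⊑ lab afterwards;
        the outer current label is left unchanged."""
        lab = frozenset(lab)
        if not (self.current <= lab <= self.clearance):
            raise IFCError("target label out of range")
        inner = LIO(self.clearance)
        inner.current, inner.sinks = self.current, self.sinks
        result = thunk(inner)
        if not inner.current <= lab:
            raise IFCError(f"inner computation floated to {set(inner.current)} above {set(lab)}")
        return Labeled(lab, result)

# Constructed scenario: Alice's PIN must never reach the public log.
def demo():
    ctx = LIO(clearance={"alice", "bob"})
    ctx.add_sink("public_log", label=set())
    ctx.add_sink("alice_store", label={"alice"})
    pin = Labeled({"alice"}, 4321)
    ctx.write("public_log", "start")           # fine: current is {}
    value = ctx.unlabel(pin)                   # current floats to {alice}
    ctx.write("alice_store", value % 100)      # fine: {alice} ⊑ {alice}
    try:
        ctx.write("public_log", value)         # {alice} is not ⊑ {}: blocked
        leaked = True
    except IFCError:
        leaked = False
    return set(ctx.current), leaked, ctx.sinks["public_log"][1]

def sealed_sum():
    """to_labeled keeps the outer label public while combining two secrets."""
    ctx = LIO(clearance={"alice", "bob"})
    a, b = Labeled({"alice"}, 3), Labeled({"bob"}, 4)
    total = ctx.to_labeled({"alice", "bob"}, lambda io: io.unlabel(a) + io.unlabel(b))
    return set(ctx.current), set(total.label), total._value

def over_clearance():
    """Observing data above the clearance is refused outright."""
    ctx = LIO(clearance={"alice"})
    try:
        ctx.unlabel(Labeled({"bob"}, 1))
        return False
    except IFCError:
        return True
```

The check that matters for confidentiality is the one in `write`: once `unlabel` has raised the current label, nothing in the rest of the computation can send to a channel below it, whatever control flow led there. `to_labeled` is what keeps that from being a usability dead end, since a secret-dependent sub-computation can be run without permanently raising the caller's label.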
A library for lightweight information-flow security in Haskell. Practical fine-grained decentralized information flow control. Secure information flow is a security mechanism for establishing program confidentiality. Most previous work on language-based security has assumed that programs run in a closed, managed environment and that they use potentially unsafe constructs, such as declassification, to interface to external communication channels, perhaps after encrypting data. Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality.
Language-based information-flow security, Steve Zdancewic, University of Pennsylvania. This paper discusses how to ensure confidentiality for multithreaded programs through a property called observational determinism. Volpano, Secure information flow in a multi-threaded imperative language, in. Then, we point out some interesting links between non. To do this, we give a superficial overview of information-flow security and in particular noninterference as a central notion in this field.
It addresses various concerns about software security by using programming-language techniques such as type systems and program analysis and transformation. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's. In a system that correctly enforces erasure requirements, an attacker who observes the system after sensitive data is required to have been erased cannot deduce anything about the. Language-based techniques are also used in other ongoing security research, where the goal is to use type safety to protect the machine against subversion by mobile code, e.g. Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 19-21. Information flow analyses are a way to ensure that a computer system does not release confidential data to the public. Towards SOS meta-theory for language-based security (CORE). Confidential data in networked information systems. Opportunities for language-based information flow security. In this paper, we give an exploratory account of this issue in the context of language-based security.
Proof system for abstract noninterference. Journal of Logic. The sufficiency of information flow depends on the attacker model. This model defines the capabilities of the attacker, such as being able to observe program output, read program code or even inject code into the program. Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications 21(1), 2003, pp. 5-19. A hardware design language for timing-sensitive information. This paper presents a language-based notion of information flow security known as noninterference, and shows how to prove the property with a type system.
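Two points made on this page, that noninterference can be established by a security type system and that the type system's side condition is a set of lattice inequalities (join of some labels ⊑ another label) which can be solved efficiently, are shown concretely in the following added Python example. It is not code from the page or from any of the cited papers. It implements a Volpano-Smith style security type checker for a tiny While-like language over the two-point lattice LOW ⊑ HIGH, generates the inequality constraints the typing rules produce and solves them by a least fixpoint with some labels pinned, and adds a brute-force noninterference oracle over small memories so the reader can see that a rejected program really leaks and that the type system is conservative (it rejects a secure program whose two branches are identical). The tuple syntax, the function names and the sample programs over a secret `h` and a public `l` are constructed assumptions for this illustration.

```python
"""Security types, label inference and a noninterference oracle for a tiny
While-like language. Labels form the two-point lattice LOW ⊑ HIGH. Commands
are nested tuples ("assign", x, e), ("seq", c1, c2), ("if", e, c1, c2);
expressions are int literals, variable names or ("op", e1, e2)."""
from itertools import product

LOW, HIGH = 0, 1   # the order is <=, the join is max()

def free_vars(e):
    if isinstance(e, (int, str)):
        return frozenset() if isinstance(e, int) else frozenset([e])
    return free_vars(e[1]) | free_vars(e[2])

def expr_label(e, env):
    """Join of the labels of the variables an expression reads."""
    return max((env[v] for v in free_vars(e)), default=LOW)

def check(cmd, env, pc=LOW):
    """Volpano-Smith style typing. `pc` is the join of the guards enclosing
    cmd, so an assignment inside a branch on a secret is an implicit flow.
    Well typed iff every x := e satisfies pc ⊔ label(e) ⊑ env[x]."""
    tag = cmd[0]
    if tag == "assign":
        return max(pc, expr_label(cmd[2], env)) <= env[cmd[1]]
    if tag == "seq":
        return check(cmd[1], env, pc) and check(cmd[2], env, pc)
    guard_pc = max(pc, expr_label(cmd[1], env))            # "if"
    return all(check(c, env, guard_pc) for c in cmd[2:])

def constraints(cmd, pc=frozenset(), out=None):
    """The inequalities the typing rules generate before labels are known:
    x := e under guard variables pc yields  join(pc ∪ fv(e)) ⊑ label(x)."""
    out = [] if out is None else out
    tag = cmd[0]
    if tag == "assign":
        out.append((pc | free_vars(cmd[2]), cmd[1]))
    elif tag == "seq":
        constraints(cmd[1], pc, out)
        constraints(cmd[2], pc, out)
    else:
        for c in cmd[2:]:
            constraints(c, pc | free_vars(cmd[1]), out)
    return out

def infer(cmd, fixed):
    """Least solution with the labels in `fixed` pinned: a monotone fixpoint
    over a finite lattice, polynomial in the program size. Returns (env, ok);
    ok is False when a pinned label would have to rise, i.e. no secure typing."""
    cs = constraints(cmd)
    env = {v: LOW for srcs, tgt in cs for v in srcs | {tgt}}
    env.update(fixed)
    changed = True
    while changed:
        changed = False
        for srcs, tgt in cs:
            need = max((env[s] for s in srcs), default=LOW)
            if need > env[tgt]:
                if tgt in fixed:
                    return env, False
                env[tgt], changed = need, True
    return env, True

def eval_expr(e, mem):
    if isinstance(e, (int, str)):
        return mem[e] if isinstance(e, str) else e
    a, b = eval_expr(e[1], mem), eval_expr(e[2], mem)
    return {"+": a + b, "<": int(a < b), "==": int(a == b)}[e[0]]

def run(cmd, mem):
    tag = cmd[0]
    if tag == "assign":
        mem[cmd[1]] = eval_expr(cmd[2], mem)
    elif tag == "seq":
        run(cmd[1], mem)
        run(cmd[2], mem)
    else:
        run(cmd[2] if eval_expr(cmd[1], mem) else cmd[3], mem)

def noninterferent(cmd, env, domain=(0, 1, 2)):
    """Brute-force noninterference oracle: any two runs from memories that
    agree on LOW variables must agree on LOW variables afterwards."""
    vs = sorted(env)
    low = [v for v in vs if env[v] == LOW]
    for v1, v2 in product(product(domain, repeat=len(vs)), repeat=2):
        m1, m2 = dict(zip(vs, v1)), dict(zip(vs, v2))
        if any(m1[v] != m2[v] for v in low):
            continue
        run(cmd, m1)
        run(cmd, m2)
        if any(m1[v] != m2[v] for v in low):
            return False
    return True

# Constructed sample programs over a secret h and a public l.
ENV = {"h": HIGH, "l": LOW}
EXPLICIT = ("assign", "l", "h")                                            # l := h
IMPLICIT = ("if", ("<", "h", 1), ("assign", "l", 0), ("assign", "l", 1))   # l reveals h < 1
DEAD = ("if", ("<", "h", 1), ("assign", "l", 1), ("assign", "l", 1))       # secure, yet rejected
SECURE = ("seq", ("assign", "h", ("+", "l", 1)), ("assign", "l", ("+", "l", 2)))
```

`check` and `infer` are two views of the same rules: `check` decides a given labelling, while `infer` treats unknown labels as variables and pushes each one up only as far as the constraints force it, so a program is rejected exactly when some pinned label (an input declared secret, an output declared public) would have to move. The oracle is exponential in the number of variables and exists only to validate the static results on toy programs; the point of the type system is that it decides the property without enumerating runs.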