European Symposium on Programming

ESOP 2010: Programming Languages and Systems pp 529-549

Enforcing Stateful Authorization and Information Flow Policies in Fine

  • Nikhil Swamy
  • Juan Chen
  • Ravi Chugh
Conference paper

DOI: 10.1007/978-3-642-11957-6_28

Volume 6012 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Proving software free of security bugs is hard. Languages that ensure that programs correctly enforce their security policies would help, but, to date, no security-typed language has the ability to verify the enforcement of the kinds of policies used in practice—dynamic, stateful policies which address a range of concerns including forms of access control and information flow tracking.

This paper presents Fine, a new source-level security-typed language that, through the use of a simple module system and dependent, refinement, and affine types, checks the enforcement of dynamic security policies applied to real software. Fine is proven sound. A prototype implementation of the compiler and several example programs are available from http://research.microsoft.com/fine.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nikhil Swamy
    • 1
  • Juan Chen
    • 1
  • Ravi Chugh
    • 2
  1. 1.Microsoft ResearchRedmond
  2. 2.University of CaliforniaSan Diego