Transformational typing and unification for automatically correcting insecure programs

Special Issue Paper

Abstract

Before starting a rigorous security analysis of a given software system, the most likely outcome is often already clear, namely that the system is not entirely secure. Modifying a program such that it passes the analysis is a difficult problem and usually left entirely to the programmer. In this article, we show that and how unification can be used to compute such program transformations. This opens a new perspective on the problem of correcting insecure programs. We also demonstrate that integrating our approach into an existing transforming type system can improve the precision of the analysis and the quality of the resulting programs.

Keywords

Language-based security Information flow control Security type system Unification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Agat, J.: Transforming out timing leaks. In: Proceedings of the 27th ACM Symposium on Principles of Programming Languages, pp. 40–53 (2000)Google Scholar
  2. 2.
    Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: Proceedings of 3rd Workshop on Quantitative Aspects of Programming Languages (QAPL’05). ENTCS, (2005)Google Scholar
  3. 3.
    Baader, F., Snyder, W.: Unification theory. In: Robinson, A., Voronkov, A. (eds.), Handbook of Automated Reasoning, vol. I, chap. 8, pp. 445–532. Elsevier Science, Amsterdam (2001)Google Scholar
  4. 4.
    Dam, M.: Decidability and proof systems for language-based noninterference relations. In: Proceedings of the 33rd ACM Symposium on Principles of Programming Languages, pp. 67–78 (2006)Google Scholar
  5. 5.
    Denning D.E. (1982). Cryptography and Data Security. Addison-Wesley, New York MATHGoogle Scholar
  6. 6.
    Hedin D. and Sands D. (2005). Timing aware information flow security for a javacard-like bytecode. Electr. Notes Theor. Comput. Sci. 141(1): 163–182 CrossRefGoogle Scholar
  7. 7.
    Herold A. and Siekmann J. (1987). Unification in Abelian semigroups. J. Autom. Reason. 3: 247–283 MATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Köpf, B., Mantel, H.: Eliminating implicit information leaks by transformational typing and unification. In: Proceedings of FAST’05: 3rd International Workshop on Formal Aspects in Security and Trust. LNCS, vol. 3866, pp. 47–62. Springer, Heidelberg (2006)Google Scholar
  9. 9.
    Mantel, H., Sands, D.: Controlled declassification based on intransitive noninterference. In: Proceedings of the 2nd ASIAN Symposium on Programming Languages and Systems, APLAS 2004. LNCS, vol. 3303, pp. 129–145, Taipei, Taiwan, 4–6 November 2004. Springer, Heidelberg (2004)Google Scholar
  10. 10.
    McLean, J.D.: A general theory of composition for trace sets closed under selective interleaving functions. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 79–93, Oakland, CA, USA (1994)Google Scholar
  11. 11.
    Sabelfeld, A.: The impact of synchronisation on secure information flow in concurrent programs. In: Proceedings of Andrei Ershov 4th International Conference on Perspectives of System Informatics. vol. 2244, pp. 225–239 (2001)Google Scholar
  12. 12.
    Sabelfeld A. and Myers A.C. (2003). Language-based information-flow security. IEEE J. Selected Areas in Communication 21(1): 5–19 CrossRefGoogle Scholar
  13. 13.
    Sabelfeld, A., Sands, D.: A per model of secure information flow in sequential programs. In: Proceedings of the 8th European Symposium on Programming, LNCS, pp. 50–59 (1999)Google Scholar
  14. 14.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop, pp. 200–215, Cambridge, UK (2000)Google Scholar
  15. 15.
    Schneider B.F. (2000). Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1): 30–50 CrossRefGoogle Scholar
  16. 16.
    Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. In: Proceedings of the 11th IEEE Computer Security Foundations Workshop, pp. 34–43, Rockport, Massachusetts (1998)Google Scholar

Copyright information

© Springer-Verlag 2007

Authors and Affiliations

  1. 1.Information SecurityETH ZurichZurichSwitzerland
  2. 2.Department of Computer ScienceRWTH Aachen UniversityAachenGermany

Personalised recommendations