
Secure Information Flow via Linear Continuations

Published in: Higher-Order and Symbolic Computation

Abstract

Security-typed languages enforce secrecy or integrity policies by type-checking. This paper investigates continuation-passing style (CPS) as a means of proving that such languages enforce noninterference and as a first step towards understanding their compilation. We present a low-level, secure calculus with higher-order, imperative features and linear continuations.

Linear continuations impose a stack discipline on the control flow of programs. This additional structure in the type system lets us establish a strong information-flow security property called noninterference. We prove that our CPS target language enjoys the noninterference property and we show how to translate secure high-level programs to this low-level language. This noninterference proof is the first of its kind for a language with higher-order functions and state.
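As an added illustration (not code from the paper, and not the paper's calculus), the following Python models the mechanism the abstract describes: a program-counter label pc tracks the security level of control flow, and a linear continuation, because it is invoked exactly once on every control path, lets execution return from a secret branch to a public join point without leaking which branch ran. The term syntax, the checking rules, the two-point lattice, the sample programs and the names check, run, noninterfering and accepts are this example's own assumptions; the paper's type system differs in its details.

```python
# Added illustration, not the paper's calculus: toy security-typed CPS terms
# over the lattice L (public) < H (secret); `check` tracks the pc label and
# enforces linear continuation use, `run` interprets, `noninterfering` tests.
# Terms:  ('halt',) | ('set', x, v, rest) | ('if', v, e1, e2) | ('goto', k, v)
#         | ('letlin', k, kpc, x, xlabel, body, rest)  -- linear k; its body
#           runs at label kpc with parameter x:xlabel.  Values: ('var', n) | ('const', c)

class FlowError(Exception):
    """The checker rejected the program."""

def leq(a, b):                      # L <= L, L <= H, H <= H
    return a == 'L' or b == 'H'
def join(a, b):
    return 'H' if 'H' in (a, b) else 'L'
def vlabel(v, env):
    return env[v[1]] if v[0] == 'var' else 'L'

def check(term, pc, env, kenv):
    """Return the linear continuations every path through `term` invokes;
    raise FlowError on an explicit/implicit flow or on non-linear use."""
    tag = term[0]
    if tag == 'halt':
        return frozenset()
    if tag == 'set':
        _, x, v, rest = term
        if not leq(join(pc, vlabel(v, env)), env[x]):
            raise FlowError(f"write to {x}:{env[x]} at pc={pc}")
        return check(rest, pc, env, kenv)
    if tag == 'if':
        _, v, e1, e2 = term
        pc2 = join(pc, vlabel(v, env))          # branches run under the guard
        u1, u2 = check(e1, pc2, env, kenv), check(e2, pc2, env, kenv)
        if u1 != u2:
            raise FlowError(f"paths differ in continuation use: {set(u1)} {set(u2)}")
        return u1
    if tag == 'goto':
        _, k, v = term
        # The argument reveals which path reached the goto, so it absorbs pc.
        # pc need not be below kpc: k runs exactly once on every path, so its
        # body may resume at the lower label kpc (the stack discipline).
        if not leq(join(pc, vlabel(v, env)), kenv[k][1]):
            raise FlowError(f"argument to {k} too secret at pc={pc}")
        return frozenset({k})
    _, k, kpc, x, xlabel, body, rest = term     # letlin
    if not leq(pc, kpc):
        raise FlowError(f"{k} bound at pc={pc} above its kpc={kpc}")
    ubody = check(body, kpc, {**env, x: xlabel}, kenv)
    urest = check(rest, pc, env, {**kenv, k: (kpc, xlabel)})
    if k not in urest or ubody & urest:
        raise FlowError(f"{k} must be used exactly once")
    return (urest - {k}) | ubody

def evalv(v, store):
    return store[v[1]] if v[0] == 'var' else v[1]

def run(term, store):
    """Interpret `term` from `store`; return the final store."""
    store, kont = dict(store), {}
    while term[0] != 'halt':
        if term[0] == 'set':
            _, x, v, term = term
            store[x] = evalv(v, store)
        elif term[0] == 'if':
            _, v, e1, e2 = term
            term = e1 if evalv(v, store) else e2
        elif term[0] == 'letlin':
            _, k, _kpc, x, _xl, body, term = term
            kont[k] = (x, body)
        else:                               # goto: bind argument, jump into k
            _, k, v = term
            x, term = kont[k]
            store[x] = evalv(v, store)
    return store

def noninterfering(prog, env, store, secret, secrets):
    """Run prog once per secret value; every L-labelled location must agree."""
    low = lambda final: {x: final.get(x) for x, l in env.items() if l == 'L'}
    views = [low(run(prog, {**store, secret: s})) for s in secrets]
    return all(v == views[0] for v in views)

ENV = {'h': 'H', 'tmp': 'H', 'x': 'H', 'out': 'L'}   # constructed labelling
STORE = {'out': 0, 'tmp': 0}                          # constructed public state
# Accepted: the branch on h runs at pc=H, but k is invoked exactly once on
# either path, so its body resumes at pc=L and may write the public `out`.
GOOD = ('letlin', 'k', 'L', 'x', 'H',
        ('set', 'out', ('const', 42), ('halt',)),
        ('if', ('var', 'h'),
         ('set', 'tmp', ('const', 1), ('goto', 'k', ('var', 'tmp'))),
         ('set', 'tmp', ('const', 2), ('goto', 'k', ('var', 'tmp')))))
# Rejected (implicit flow): the public `out` is written under pc=H.
IMPLICIT = ('if', ('var', 'h'),
            ('set', 'out', ('const', 1), ('halt',)),
            ('set', 'out', ('const', 0), ('halt',)))
# Rejected (non-linear use): k runs on one path only, so whether `out` is 42 reveals h.
NONLINEAR = ('letlin', 'k', 'L', 'x', 'H',
             ('set', 'out', ('const', 42), ('halt',)),
             ('if', ('var', 'h'), ('goto', 'k', ('const', 0)), ('halt',)))

def accepts(prog):
    try:
        check(prog, 'L', ENV, {})
        return True
    except FlowError:
        return False
```

The third program is the case that motivates linearity: if k could be dropped on one path, whether its body ran would itself encode the secret, so a checker that let the body of k resume at the lower label would be unsound; requiring every path to invoke k exactly once is what makes the lowered pc at the join point safe, and the runtime test confirms that only the accepted program is noninterfering on the constructed inputs.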


Cite this article

Zdancewic, S., Myers, A.C. Secure Information Flow via Linear Continuations. Higher-Order and Symbolic Computation 15, 209–234 (2002). https://doi.org/10.1023/A:1020843229247
