Enforcing Stateful Authorization and Information Flow Policies in Fine

  • Nikhil Swamy
  • Juan Chen
  • Ravi Chugh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6012)


Proving software free of security bugs is hard. Languages that ensure that programs correctly enforce their security policies would help, but, to date, no security-typed language has the ability to verify the enforcement of the kinds of policies used in practice—dynamic, stateful policies which address a range of concerns including forms of access control and information flow tracking.

This paper presents Fine, a new source-level security-typed language that, through the use of a simple module system and dependent, refinement, and affine types, checks the enforcement of dynamic security policies applied to real software. Fine is proven sound. A prototype implementation of the compiler and several example programs are available from .


Security Policy Dependent Type Stateful Authorization Proof Obligation Type Check 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bengtson, J., Bhargavan, K., Fournet, C., Gordon, A.D., Maffeis, S.: Refinement types for secure implementations. In: CSF (2008)Google Scholar
  2. 2.
    Bertot, Y., Castéran, P.: Coq’Art: Interactive Theorem Proving and Program Development. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  3. 3.
    Borgstroem, J., Gordon, A., Pucella, R.: Roles, stacks, histories: A triple for hoare. Technical Report MSR-TR-2009-97, Microsoft Research (2009)Google Scholar
  4. 4.
    Chlipala, A., Malecha, G., Morrisett, G., Shinnar, A., Wisnesky, R.: Effective interactive proofs for higher-order imperative programs. In: ICFP (2009)Google Scholar
  5. 5.
    Chong, S., Myers, A.C., Nystrom, N., Zheng, L., Zdancewic, S.: Jif: Java + information flow (July 2006); Software releaseGoogle Scholar
  6. 6.
    de Moura, L., Bjørner, N.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Dougherty, D.J., Fisler, K., Krishnamurthi, S.: Specifying and reasoning about dynamic access-control policies. LNCS. Springer, Heidelberg (2006)Google Scholar
  8. 8.
    ECMA. Standard ECMA-335: Common language infrastructure (2006)Google Scholar
  9. 9.
    Flanagan, C.: Hybrid type checking. In: POPL. ACM, New York (2006)Google Scholar
  10. 10.
    Flanagan, C., Sabry, A., Duba, B.F., Felleisen, M.: The essence of compiling with continuations. In: PLDI. ACM, New York (1993)Google Scholar
  11. 11.
    Grossman, D., Morrisett, G., Zdancewic, S.: Syntactic type abstraction. ACM TOPLAS 22(6) (2000)Google Scholar
  12. 12.
    Jackson, D.: Alloy: a lightweight object modelling notation. TOSEM 11(2) (2002)Google Scholar
  13. 13.
    Jia, L., Vaughan, J., Mazurak, K., Zhao, J., Zarko, L., Schorr, J., Zdancewic, S.: Aura: A programming language for authorization and audit. In: ICFP (2008)Google Scholar
  14. 14.
    Krishnamurthi, S., Hopkins, P.W., Mccarthy, J., Graunke, P.T., Pettyjohn, G., Felleisen, M.: Implementation and use of the PLT Scheme web server. HOSC 20(4) (2007)Google Scholar
  15. 15.
    Levy, H.M.: Capability-Based Computer Systems. Butterworth-Heinemann, Butterworths (1984)Google Scholar
  16. 16.
    McBride, C., McKinna, J.: The view from the left. JFP 14(1) (2004)Google Scholar
  17. 17.
    Norell, U.: Towards a practical programming language based on dependent type theory. PhD thesis, Chalmers Institute of Technology (2007)Google Scholar
  18. 18.
    Simonet, V.: FlowCaml in a nutshell. In: Hutton, G. (ed.) APPSEM-II, pp. 152–165 (2003)Google Scholar
  19. 19.
    Stump, A., Deters, M., Petcher, A., Schiller, T., Simpson, T.: Verified programming in Guru. In: PLPV (2008)Google Scholar
  20. 20.
    Swamy, N., Chen, J., Chugh, R.: Enforcing stateful authorization and information flow policies in Fine. Technical Report MSR-TR-2009-164, Microsoft Research (2009)Google Scholar
  21. 21.
    Swamy, N., Corcoran, B.J., Hicks, M.: Fable: A language for enforcing user-defined security policies. In: S&P (2008)Google Scholar
  22. 22.
    Swamy, N., Hicks, M.: Verified enforcement of stateful information release policies. In: PLAS (2008)Google Scholar
  23. 23.
    Syme, D., Granicz, A., Cisternino, A.: Expert F#. Apress (2007)Google Scholar
  24. 24.
    Wadler, P.: Linear types can change the world. In: Prog. Concepts and Methods (1990)Google Scholar
  25. 25.
    Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. In: SOSP (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nikhil Swamy
    • 1
  • Juan Chen
    • 1
  • Ravi Chugh
    • 2
  1. 1.Microsoft ResearchRedmond
  2. 2.University of CaliforniaSan Diego

Personalised recommendations