A type-based approach to program security

  • Dennis Volpano
  • Geoffrey Smith
FASE-3: Types and Their Applications
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1214)


This paper presents a type system which guarantees that well-typed programs in a procedural programming language satisfy a noninterference security property. With all program inputs and outputs classified at various security levels, the property basically states that a program output, classified at some level, can never change as a result of modifying only inputs classified at higher levels. Intuitively, this means the program does not “leak” sensitive data. The property is similar to a notion introduced years ago by Goguen and Meseguer to model security in multi-level computer systems [7]. We also give an algorithm for inferring and simplifying principal types, which document the security requirements of programs.
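The noninterference property and the kind of type discipline that enforces it, as an added example that is not code from the paper: a two-level (LOW < HIGH) secure-flow checker for a tiny while-language in the spirit of the system the abstract describes, paired with a runtime probe that runs a program on two stores differing only in HIGH inputs and compares the LOW outputs. The concrete typing rules (an assignment may not lower a level; if/while bodies are checked at their guard's level), the tuple encoding of programs, and the sample programs are this example's own assumptions, not the paper's.

```python
import ast

# Added example, not from the paper. Rules assumed here: an assignment e -> x
# is secure iff max(pc, level(e)) <= level(x), where pc is the join of the
# levels of the enclosing if/while guards (this blocks implicit flows).
# Termination channels are ignored, as in termination-insensitive systems.
LOW, HIGH = 0, 1

def level_of(expr, env):
    """Join (max) of the levels of the variables occurring in expr."""
    names = {n.id for n in ast.walk(ast.parse(expr, mode="eval"))
             if isinstance(n, ast.Name)}
    return max((env[x] for x in names), default=LOW)

def violations(cmd, env, pc=LOW):
    """List the insecure flows in cmd; empty list means well typed."""
    if isinstance(cmd, list):                        # sequence of commands
        return [v for c in cmd for v in violations(c, env, pc)]
    if cmd[0] == "assign":                           # ("assign", x, e)
        _, x, e = cmd
        bad = max(pc, level_of(e, env)) > env[x]
        return [f"{e!r} -> {x} (pc={pc})"] if bad else []
    guard_pc = max(pc, level_of(cmd[1], env))        # ("if", g, t, f) / ("while", g, b)
    return [v for body in cmd[2:] for v in violations(body, env, guard_pc)]

def run(cmd, store):
    """Interpreter used only to observe outputs; store is a dict."""
    ev = lambda e: eval(e, {"__builtins__": {}}, store)
    if isinstance(cmd, list):
        for c in cmd:
            run(c, store)
    elif cmd[0] == "assign":
        store[cmd[1]] = ev(cmd[2])
    elif cmd[0] == "if":
        run(cmd[2] if ev(cmd[1]) else cmd[3], store)
    elif cmd[0] == "while":
        while ev(cmd[1]):
            run(cmd[2], store)

def low_outputs_agree(prog, env, store_a, store_b):
    """Noninterference probe: LOW-equal inputs must yield LOW-equal outputs."""
    a, b = dict(store_a), dict(store_b)
    for s in (a, b):
        run(prog, s)
    return all(a[x] == b[x] for x, lvl in env.items() if lvl == LOW)

# Constructed sample programs: 'secret' and 'tmp' are HIGH, 'pub' is LOW.
ENV = {"secret": HIGH, "tmp": HIGH, "pub": LOW}
EXPLICIT_LEAK = [("assign", "pub", "secret")]
IMPLICIT_LEAK = [("if", "secret > 0", [("assign", "pub", "1")], [("assign", "pub", "0")])]
SECURE = [("assign", "tmp", "secret + 1"), ("while", "pub < 6", [("assign", "pub", "pub * 2")])]
```

The two rejected programs are exactly the ones the probe catches at runtime, while the accepted program keeps `pub` identical across secret values, which is the guarantee the abstract states for well-typed programs.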




References

  1. Abadi, M., Secrecy by Typing in Cryptographic Protocols (Draft), unpublished manuscript, DEC Systems Research Center, December 1996.
  2. Andrews, G. and Reitman, R., An Axiomatic Approach to Information Flow in Programs, ACM Trans. on Programming Languages and Systems, 2, 1, pp. 56–76, 1980.
  3. Banâtre, J., Bryce, C., and Le Métayer, D., Compile-time Detection of Information Flow in Sequential Programs, Proc. 3rd ESORICS, LNCS 875, pp. 55–73, 1994.
  4. Bell, D. and LaPadula, L., Secure Computer System: Mathematical Foundations and Model, MITRE Corp. Tech Report M74-244, 1973.
  5. Denning, D., A Lattice Model of Secure Information Flow, Comm. of the ACM, 19, 5, pp. 236–242, 1976.
  6. Denning, D. and Denning, P., Certification of Programs for Secure Information Flow, Comm. of the ACM, 20, 7, pp. 504–513, 1977.
  7. Goguen, J. and Meseguer, J., Security Policies and Security Models, Proc. 1982 IEEE Symposium on Security and Privacy, pp. 11–20, 1982.
  8. Mizuno, M. and Schmidt, D., A Security Flow Control Algorithm and its Denotational Semantics Correctness Proof, Formal Aspects of Computing, 4:6A, pp. 722–754, 1992.
  9. Necula, G., Proof-Carrying Code, to appear in Proc. 24th Symp. on Principles of Programming Languages, January 1997.
  10. Ørbæk, P., Can You Trust Your Data?, Proc. 1995 TAPSOFT, LNCS 915, pp. 575–589, 1995.
  11. Palsberg, J. and Ørbæk, P., Trust in the λ-calculus, Proc. 1995 Static Analysis Symposium, LNCS 983, pp. 314–329, 1995.
  12. Reynolds, J., Preliminary Design of the Programming Language Forsythe, Technical Report CMU-CS-88-159, Carnegie Mellon University, June 1988.
  13. Smith, G., Principal Type Schemes for Functional Programs with Overloading and Subtyping, Science of Computer Programming, 23, pp. 197–226, 1994.
  14. Smith, G. and Volpano, D., Polymorphic Typing of Variables and References, ACM Trans. on Programming Languages and Systems, 18, 3, pp. 254–267, 1996.
  15. Tiuryn, J., Subtype Inequalities, Proc. 1992 IEEE Symp. on Logic in Computer Science, pp. 308–315, 1992.
  16. Tofte, M., Type Inference for Polymorphic References, Information and Computation, 89, pp. 1–34, 1990.
  17. Volpano, D., Smith, G. and Irvine, C., A Sound Type System for Secure Flow Analysis, J. Computer Security, 4, 3, pp. 1–21, 1996.
  18. Wand, M. and O'Keefe, P., On the Complexity of Type Inference with Coercion, Proc. ACM Conf. on Functional Programming Languages and Computer Architecture, pp. 293–298, 1989.
  19. Wright, A., Simple Imperative Polymorphism, Journal of Lisp and Symbolic Computing, 8, 4, pp. 343–356, 1995.

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Dennis Volpano, Department of Computer Science, Naval Postgraduate School, Monterey, USA
  • Geoffrey Smith, School of Computer Science, Florida International University, Miami, USA
