Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks

  • Eduardo Bonelli
  • Adriana Compagnoni
  • Ricardo Medel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3956)


We study secure information flow in a stack based Typed Assembly Language (TAL). We define a TAL with an execution stack and establish the soundness of its type system by proving non-interference. One of the problems of studying information flow for a low-level language is the absence of high-level control flow constructs that guide information flow analysis in high-level languages. Furthermore, in the presence of an execution stack, code that frees space on the stack must be constrained in order to avoid illegal flows. Finally, in the presence of stack polymorphism, we must ensure that type variables are instantiated without observable differences. These issues are addressed by introducing junction points into the type system, ensuring that they behave as ordered linear continuations, and that they interact safely with the execution stack. We also discuss several limitations of our approach and point out some remaining open issues.


Security Level Code Block Operational Semantic Junction Point Register Bank 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aspinall, D., Compagnoni, A.B.: Heap bounded assembly language. Journal of Automated Reasoning, Special Issue on Proof-Carrying Code 31(3-4), 261–302 (2003)CrossRefMATHGoogle Scholar
  2. 2.
    Banerjee, A., Naumann, D.: Secure information flow and pointer confinement in a Java-like language. In: Proceedings of Fifteenth IEEE Computer Security Foundations - CSFW, June 2002, pp. 253–267 (2002)Google Scholar
  3. 3.
    Barthe, G., Basu, A., Rezk, T.: Security types preserving compilation. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 2–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations and model. Technical Report MTR 2547 v2, MITRE (November 1973)Google Scholar
  5. 5.
    Biba, K.: Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA (April 1977)Google Scholar
  6. 6.
    Bonelli, E., Compagnoni, A., Medel, R.: Information flow analysis for a typed assembly language with polymorphic stacks (2005),
  7. 7.
    Bonelli, E., Compagnoni, A., Medel, R.: SIFTAL: A typed assembly language for secure information flow analysis (2005),
  8. 8.
    Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: Proc. of IEEE Computer Security Foundations Workshop, Asilomar, California (2003)Google Scholar
  9. 9.
    Crary, K., Kliger, A., Pfenning, F.: A monadic analysis of information flow security with mutable state. Technical Report CMU-CS-03-164, Carnegie Mellon University (September 2003)Google Scholar
  10. 10.
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–242 (1976)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM 20(7), 504–513 (1977)CrossRefMATHGoogle Scholar
  12. 12.
    Feiertag, R.J., Levitt, K.N., Robinson, L.: Proving multilevel security of a system design. In: 6th ACM Symp. Operating System Principles, November 1977, pp. 57–65 (1977)Google Scholar
  13. 13.
    Goguen, J.A., Meseguer, J.: Security policy and security models. In: Proceedings of the Symposium on Security and Privacy, pp. 11–20. IEEE Press, Los Alamitos (1982)Google Scholar
  14. 14.
    Hedin, D., Sands, D.: Timing aware information flow security for a JavaCard-like bytecode. In: Proceedings of the First Workshop on Bytecode Semantics, Verification, Analysis and Transformation (Bytecode 2005), December 2005. Electronic Notes in Theoretical Computer Science, vol. 141(1), pp. 163–182 (2005)Google Scholar
  15. 15.
    Medel, R., Compagnoni, A., Bonelli, E.: A typed assembly language for non-interference. In: Coppo, M., Lodi, E., Pinna, G.M. (eds.) ICTCS 2005. LNCS, vol. 3701, pp. 360–374. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Morrisett, G., Crary, K., Glew, N., Walker, D.: Stack-based typed assembly language. In: Leroy, X., Ohori, A. (eds.) TIC 1998. LNCS, vol. 1473, pp. 28–52. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Morrisett, G., Walker, D., Crary, K., Glew, N.: From System F to Typed Assembly Language. ACM Transactions on Programming Languages and Systems 21(3), 528–569 (1999); This is the expanded version of a paper that appeared in Twenty-Fifth ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, USA, pp. 85–97 (January 1998)Google Scholar
  18. 18.
    Myers, A., Sabelfeld, A.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Myers, A., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: 7th IEEE Computer Security Foundations Workshop (2004)Google Scholar
  20. 20.
    Necula, G.: Compiling with Proofs. PhD thesis, Carnegie Mellon University (September 1998)Google Scholar
  21. 21.
    Neumman, P.G., Feiertag, R.J., Levitt, K.N., Robinson, L.: Software development and proofs of multi-level security. In: Proceedings of the 2nd International Conference on Software Engineering, pp. 421–428. IEEE Computer Society, Los Alamitos (1976)Google Scholar
  22. 22.
    Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1) (2003)Google Scholar
  23. 23.
    Smith, F., Walker, D., Morrisett, G.: Alias types. In: Smolka, G. (ed.) ESOP 2000. LNCS, vol. 1782, pp. 366–381. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  24. 24.
    Volpano, D.M., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  25. 25.
    Xi, H., Harper, R.: A dependently typed assembly language. Technical Report OGI-CSE-99-008, Oregon Graduate Institute of Science and Technology (July 1999)Google Scholar
  26. 26.
    Yu, D., Islam, N.: A typed assembly language for confidentiality. Personal Communication (July 2005)Google Scholar
  27. 27.
    Zdancewic, S., Myers, A.: Robust declassification. In: Proc. of 14th IEEE Computer Security Foundations Workshop, Cape Breton, Canada, June 2001, pp. 15–23 (2001)Google Scholar
  28. 28.
    Zdancewic, S., Myers, A.: Secure information flow via linear continuations. Higher Order and Symbolic Computation 15(2–3) (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Eduardo Bonelli
    • 1
  • Adriana Compagnoni
    • 2
  • Ricardo Medel
    • 2
  1. 1.LIFIA, Fac. de InformáticaUniv. Nac. de La PlataArgentina
  2. 2.Stevens Institute of TechnologyHobokenUSA

Personalised recommendations