
Robust Declassification by Incremental Typing

  • Matteo Busi
  • Pierpaolo Degano
  • Letterio Galletta
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)

Abstract

The security of software systems has to be preserved while they grow and change incrementally. The problem is to make the analysis of their security properties adhere to such a development. In particular, we concentrate here on static type systems. Given a non-incremental type system, the algorithm we propose permits using it incrementally, thus avoiding the need to develop new incremental versions of it. As a proof of concept, we show how our technique permits an incremental checking of non-interference with robust declassification, starting from the classical type system by Myers, Sabelfeld and Zdancewic.

References

  1. Abadi, M.: Secrecy by typing in security protocols. In: Abadi, M., Ito, T. (eds.) TACS 1997. LNCS, vol. 1281, pp. 611–638. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0014571
  2. Abadi, M.: Secrecy by typing in security protocols. J. ACM 46(5), 749–786 (1999)
  3. Bartoletti, M., Degano, P., Ferrari, G.L., Zunino, R.: Local policies for resource usage analysis. ACM Trans. Program. Lang. Syst. 31(6), 23:1–23:43 (2009)
  4. Busi, M., Degano, P., Galletta, L.: Using standard typing algorithms incrementally. In: 11th NASA Formal Methods, Proceedings. To appear in LNCS. Springer (2019). https://arxiv.org/abs/1808.00225
  5. Calcagno, C., et al.: Moving fast with software verification. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 3–11. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_1
  6. Flanagan, C., Abadi, M.: Types for safe locking. In: Swierstra, S.D. (ed.) ESOP 1999. LNCS, vol. 1576, pp. 91–108. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49099-X_7
  7. Grossman, D., Morrisett, G., Jim, T., Hicks, M., Wang, Y., Cheney, J.: Region-based memory management in cyclone. SIGPLAN Not. 37(5), 282–293 (2002). https://doi.org/10.1145/543552.512563
  8. Harman, M., O’Hearn, P.: From start-ups to scale-ups: opportunities and open problems for static and dynamic program analysis. In: IEEE International Working Conference on Source Code Analysis and Manipulation (2018)
  9. Higuchi, T., Ohori, A.: A static type system for JVM access control. ACM Trans. Program. Lang. Syst. 29(1), 4 (2007)
  10. Leroy, X., Pessaux, F.: Type-based analysis of uncaught exceptions. ACM Trans. Program. Lang. Syst. 22(2), 340–377 (2000)
  11. Meadows, C.A.: Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE J. Sel. Areas Commun. 21(1), 44–54 (2003)
  12. Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. J. Comput. Secur. 14(2), 157–196 (2006)
  13. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5–19 (2003). https://doi.org/10.1109/JSAC.2002.806121
  14. Smith, G.: Principles of secure information flow analysis. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds.) Malware Detection, pp. 291–307. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-44599-1_13
  15. Volpano, D.M., Irvine, C.E., Smith, G.: A sound type system for secure flow analysis. J. Comput. Secur. 4(2/3), 167–188 (1996)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Dipartimento di Informatica, Università di Pisa, Pisa, Italy
  2. IMT School for Advanced Studies, Lucca, Italy