JRIF: Reactive Information Flow Control for Java

  • Elisavet Kozyri
  • Owen Arden
  • Andrew C. Myers
  • Fred B. Schneider
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)


A reactive information flow (RIF) automaton for a value v specifies (i) restrictions on uses for v and (ii) the RIF automaton for any value that might be derived from v. RIF automata thus specify how transforming a value alters restrictions for the result. As labels, RIF automata are both expressive and intuitive vehicles for describing allowed information flows. JRIF is a dialect of Java that uses RIF automata for specifying information flow control policies. The implementation of JRIF involved replacing the information flow type system of the Jif language by a RIF-based type system. JRIF demonstrates (i) the practicality and utility of RIF automata, and (ii) the ease with which an existing information flow control system can be modified to support the expressive power of RIF automata.
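
The two-part definition above, modelled in plain Java as an added illustration (this is not JRIF syntax and not code from the paper or the JRIF release): a label is an automaton plus a current state, the state fixes who may read the value, and applying an operation yields the label of the derived value. The class, state, operation and principal names are constructed, and treating an unlisted operation as leaving the state unchanged is an assumption of this sketch.

```java
import java.util.Map;
import java.util.Set;

/** Added illustration in plain Java, not JRIF syntax: a label is an automaton plus a current state. */
public final class RifLabelDemo {

    /** Immutable label: the automaton's tables are shared, only the current state differs. */
    static final class RifLabel {
        private final Map<String, Set<String>> readers;              // state -> principals allowed to read
        private final Map<String, Map<String, String>> transitions;  // state -> (operation -> next state)
        private final String state;

        RifLabel(Map<String, Set<String>> readers,
                 Map<String, Map<String, String>> transitions, String state) {
            if (!readers.containsKey(state)) {
                throw new IllegalArgumentException("unknown state " + state);
            }
            this.readers = readers;
            this.transitions = transitions;
            this.state = state;
        }

        /** (i) Restriction on uses of the labelled value. */
        boolean mayRead(String principal) {
            return readers.get(state).contains(principal);
        }

        /** (ii) Label of a value derived by `operation`; assumption: unlisted operations keep the state. */
        RifLabel afterApplying(String operation) {
            String next = transitions.getOrDefault(state, Map.of()).getOrDefault(operation, state);
            return new RifLabel(readers, transitions, next);
        }
    }

    public static void main(String[] args) {
        // Constructed policy: a vote is readable only by the voter until it has been tallied.
        Map<String, Set<String>> readers = Map.of(
            "raw", Set.of("voter"),
            "tallied", Set.of("voter", "public"));
        Map<String, Map<String, String>> transitions = Map.of(
            "raw", Map.of("tally", "tallied"));

        RifLabel vote = new RifLabel(readers, transitions, "raw");
        RifLabel total = vote.afterApplying("tally");  // derived value carries a relaxed restriction
        RifLabel copy = vote.afterApplying("copy");    // unlisted operation: restriction unchanged

        System.out.println("public may read raw vote: " + vote.mayRead("public"));
        System.out.println("public may read tally:    " + total.mayRead("public"));
        System.out.println("public may read copy:     " + copy.mayRead("public"));
    }
}
```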


Keywords: Information flow control, Reclassification, Automata



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Elisavet Kozyri (1)
  • Owen Arden (2)
  • Andrew C. Myers (1)
  • Fred B. Schneider (1)

  1. Cornell University, Ithaca, USA
  2. University of California, Santa Cruz, USA
