
JRIF: Reactive Information Flow Control for Java

  • Elisavet Kozyri
  • Owen Arden
  • Andrew C. Myers
  • Fred B. Schneider
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)

Abstract

A reactive information flow (RIF) automaton for a value v specifies (i) restrictions on uses for v and (ii) the RIF automaton for any value that might be derived from v. RIF automata thus specify how transforming a value alters restrictions for the result. As labels, RIF automata are both expressive and intuitive vehicles for describing allowed information flows. JRIF is a dialect of Java that uses RIF automata for specifying information flow control policies. The implementation of JRIF involved replacing the information flow type system of the Jif language by a RIF-based type system. JRIF demonstrates (i) the practicality and utility of RIF automata, and (ii) the ease with which an existing information flow control system can be modified to support the expressive power of RIF automata.
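To make the two components of a RIF automaton named in the abstract concrete, the following Python sketch is an added illustration, not code from the JRIF distribution, and it models only what the abstract states: a label that (i) restricts who may read the current value and (ii) yields the label of any value derived from it. The constructed policy (a salary readable only by its owner and `hr` until an `aggregate` reclassifier has been applied), the reader-set interpretation of "restrictions", the rule that an unlisted operation leaves the state unchanged, and the product construction used in `join` for values computed from two inputs are all assumptions chosen for the example; JRIF's actual type system is not reproduced here.

```python
from collections.abc import Hashable
from typing import Dict, FrozenSet, Tuple

Readers = FrozenSet[str]
State = Hashable


class RifAutomaton:
    """One value's label: a reader set per state, and transitions on reclassifier names."""

    def __init__(self, readers: Dict[State, Readers],
                 delta: Dict[Tuple[State, str], State], state: State):
        if state not in readers:
            raise ValueError(f"unknown state {state!r}")
        self.readers = readers   # readers[q]: who may read while the automaton is in q
        self.delta = delta       # delta[(q, op)]: state for a value derived from q via op
        self.state = state

    def allowed(self) -> Readers:
        """Principals permitted to read a value carrying this label right now."""
        return self.readers[self.state]

    def permits(self, principal: str) -> bool:
        return principal in self.allowed()

    def step(self, op: str) -> "RifAutomaton":
        """Label of the value produced by applying reclassifier `op` to this value.
        Assumption: an operation with no listed transition does not change the state."""
        nxt = self.delta.get((self.state, op), self.state)
        return RifAutomaton(self.readers, self.delta, nxt)

    def join(self, other: "RifAutomaton") -> "RifAutomaton":
        """Label for a value computed from two labelled inputs (assumed product construction):
        both restrictions apply, so readers are intersected, and every reclassifier steps
        both component automata together."""
        ops = {op for _, op in self.delta} | {op for _, op in other.delta}
        readers = {(p, q): self.readers[p] & other.readers[q]
                   for p in self.readers for q in other.readers}
        delta = {}
        for p in self.readers:
            for q in other.readers:
                for op in ops:
                    delta[((p, q), op)] = (self.delta.get((p, op), p),
                                           other.delta.get((q, op), q))
        return RifAutomaton(readers, delta, (self.state, other.state))


def salary_label(owner: str) -> RifAutomaton:
    """Constructed sample policy: a raw salary is readable by its owner and hr only;
    a value derived through the `aggregate` reclassifier may also be read by manager."""
    readers = {
        "raw": frozenset({owner, "hr"}),
        "aggregated": frozenset({owner, "hr", "manager"}),
    }
    delta = {("raw", "aggregate"): "aggregated"}
    return RifAutomaton(readers, delta, "raw")


def check_flow(label: RifAutomaton, sink: str) -> bool:
    """The check a type checker would make at an output: may `sink` observe this value?"""
    return label.permits(sink)


def demo() -> Tuple[Readers, Readers, Readers]:
    """Readers of: the raw sum of two salaries, the aggregated result, and a rounded aggregate."""
    alice, bob = salary_label("alice"), salary_label("bob")
    total = alice.join(bob)            # alice_salary + bob_salary
    avg = total.step("aggregate")      # aggregate(alice_salary + bob_salary)
    rounded = avg.step("round")        # no transition listed for round: restriction unchanged
    return total.allowed(), avg.allowed(), rounded.allowed()


if __name__ == "__main__":
    total, avg, rounded = demo()
    print("raw sum readable by:", sorted(total))
    print("aggregate readable by:", sorted(avg))
    print("manager may read raw sum:", check_flow(salary_label("alice").join(salary_label("bob")), "manager"))
```

The point the abstract makes shows up in `demo()`: the raw sum of two salaries is readable only by `hr`, the one principal both source labels permit, while passing that sum through `aggregate` moves both component automata to a state that also admits `manager`. The transformation, not an explicit declassification at the output, is what relaxes the restriction, and an operation the policy does not mention (`round`) leaves it untouched.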

Keywords

Information flow control; Reclassification; Automata

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Elisavet Kozyri (1)
  • Owen Arden (2)
  • Andrew C. Myers (1)
  • Fred B. Schneider (1)
  1. Cornell University, Ithaca, USA
  2. University of California, Santa Cruz, USA
