
Existential Types for Relaxed Noninterference

Conference paper. Programming Languages and Systems (APLAS 2019).

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11893)

Abstract

Information-flow security type systems ensure confidentiality by enforcing noninterference: a program cannot leak private data to public channels. However, in practice, programs need to selectively declassify information about private data. Several approaches have provided a notion of relaxed noninterference supporting selective and expressive declassification while retaining a formal security property. The labels-as-functions approach provides relaxed noninterference by means of declassification policies expressed as functions. The labels-as-types approach expresses declassification policies using type abstraction and faceted types, a pair of types representing the secret and public facets of values. The original proposal of labels-as-types is formulated in an object-oriented setting where type abstraction is realized by subtyping. The object-oriented approach, however, suffers from limitations due to its receiver-centric paradigm.

In this work, we consider an alternative approach to labels-as-types, applicable in non-object-oriented languages, which allows us to express advanced declassification policies, such as extrinsic policies, based on a different form of type abstraction: existential types. An existential type exposes abstract types and operations on these; we leverage this abstraction mechanism to express secrets that can be declassified using the provided operations. We formalize the approach in a core functional calculus with existential types, define existential relaxed noninterference, and prove that well-typed programs satisfy this form of type-based relaxed noninterference.
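The following is an added illustration, not code from the paper, of the idea in the abstract: a secret is packed into an existential package whose interface is exactly its declassification policy, so a public observer can learn about the secret only what the provided operations release. It uses Rust trait objects (`Box<dyn Trait>`) as the existential type and module privacy to hide the representation; the age and password policies, the `is_adult` threshold and the `relaxed_ni_holds` check are all constructed for this example.

```rust
/// Constructed example (not the paper's code): secrets packed into
/// existential packages whose interface is the declassification policy.
pub mod secrets {
    /// Interface of the existential package for an age secret. The public
    /// facet is whatever these operations return; the representation is hidden.
    pub trait AgePolicy {
        fn is_adult(&self) -> bool;
    }

    /// Concrete representation (the secret facet). Private to this module:
    /// code outside cannot name it, so it cannot read the raw age.
    struct Age(u32);

    impl AgePolicy for Age {
        fn is_adult(&self) -> bool {
            self.0 >= 18 // constructed policy threshold
        }
    }

    /// "pack": hide the representation behind the existential type
    /// `Box<dyn AgePolicy>`; a holder of the box can only call `is_adult`.
    pub fn pack_age(age: u32) -> Box<dyn AgePolicy> {
        Box::new(Age(age))
    }

    /// A second secret with a different policy: a password that may only be
    /// compared against a candidate, releasing a single bit per comparison.
    pub trait PasswordPolicy {
        fn matches(&self, candidate: &str) -> bool;
    }

    struct Password(String);

    impl PasswordPolicy for Password {
        fn matches(&self, candidate: &str) -> bool {
            self.0 == candidate
        }
    }

    pub fn pack_password(secret: &str) -> Box<dyn PasswordPolicy> {
        Box::new(Password(secret.to_string()))
    }
}

use secrets::{pack_age, pack_password, AgePolicy, PasswordPolicy};

/// A public observer. It holds only the package, so the only information
/// about the age it can compute is what `is_adult` releases.
pub fn observe_age(pkg: &dyn AgePolicy) -> &'static str {
    if pkg.is_adult() {
        "adult"
    } else {
        "minor"
    }
}

/// The policy induces the observer's notion of "low-equivalent" secrets:
/// two ages are equivalent when every permitted operation agrees on them.
pub fn policy_equivalent(a: u32, b: u32) -> bool {
    pack_age(a).is_adult() == pack_age(b).is_adult()
}

/// Existential relaxed noninterference, checked exhaustively on a small
/// range: policy-equivalent secrets must yield identical observations.
pub fn relaxed_ni_holds(max_age: u32) -> bool {
    (0..=max_age).all(|a| {
        (0..=max_age).all(|b| {
            !policy_equivalent(a, b) || observe_age(&*pack_age(a)) == observe_age(&*pack_age(b))
        })
    })
}

/// Login observer for the password package: the only release is the match bit.
pub fn login(pkg: &dyn PasswordPolicy, attempt: &str) -> bool {
    pkg.matches(attempt)
}

fn main() {
    println!("age 30 observed as: {}", observe_age(&*pack_age(30)));
    println!("relaxed NI holds on 0..=120: {}", relaxed_ni_holds(120));
    let pw = pack_password("correct horse"); // constructed sample secret
    println!("login with right password: {}", login(&*pw, "correct horse"));
}
```

The point of the two packages is that the policy lives in the type: the `dyn AgePolicy` interface is the only channel from the secret facet to the public facet, and the equivalence relation that relaxed noninterference quantifies over is exactly "agree on every operation of that interface". A reviewer checking a real policy would look at the interface with the same eye as at a function-based policy: each exposed operation is a sanctioned release, and the password policy shows that a single bit per call is still a release that repeated calls accumulate.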

This work is partially funded by CONICYT FONDECYT Regular Projects 1150017 and 1190058. Raimil Cruz is partially funded by CONICYT-PCHA/Doctorado Nacional/2014-63140148.


Notes

  1. Li and Zdancewic [9] rule out recursive declassification because otherwise the subtyping relation induced by security labels (sets of functions) would be undecidable.

  2. To account for \(n > 2\) observation levels, faceted types can be extended to have n facets.

References

  1. Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL 1999), pp. 147–160. ACM Press, San Antonio, January 1999

  2. Ahmed, A.: Step-indexed syntactic logical relations for recursive and quantified types. In: Sestoft, P. (ed.) ESOP 2006. LNCS, vol. 3924, pp. 69–83. Springer, Heidelberg (2006). https://doi.org/10.1007/11693024_6

  3. Bowman, W.J., Ahmed, A.: Noninterference for free. In: Proceedings of the 20th ACM SIGPLAN Conference on Functional Programming (ICFP 2015), pp. 101–113. ACM Press, Vancouver, August 2015

  4. Crary, K.: Modules, abstraction, and parametric polymorphism. In: Proceedings of the 44th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2017), pp. 100–113. ACM Press, Paris, January 2017

  5. Cruz, R., Rezk, T., Serpette, B., Tanter, É.: Type abstraction for relaxed noninterference. In: Müller, P. (ed.) Proceedings of the 31st European Conference on Object-Oriented Programming (ECOOP 2017). Leibniz International Proceedings in Informatics (LIPIcs), vol. 74, pp. 7:1–7:27. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Barcelona, Spain, June 2017

  6. Cruz, R., Tanter, É.: Polymorphic relaxed noninterference. In: Proceedings of the IEEE Secure Development Conference (SecDev 2019). IEEE Computer Society Press, McLean, September 2019 (to appear)

  7. Damas, L., Milner, R.: Principal type-schemes for functional programs. In: DeMillo, R.A. (ed.) Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL 1989), pp. 207–212. ACM Press, Albuquerque, January 1982

  8. Hicks, B., King, D., McDaniel, P., Hicks, M.: Trusted declassification: high-level policy for a security-typed language. In: Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS 2006), pp. 65–74 (2006)

  9. Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2005), pp. 158–170. ACM Press, Long Beach, January 2005

  10. Mitchell, J.C., Plotkin, G.D.: Abstract types have existential type. ACM Trans. Program. Lang. Syst. 10(3), 470–502 (1988)

  11. Myers, A.C.: Jif homepage. http://www.cs.cornell.edu/jif/. Accessed Mar 2019

  12. Nanevski, A., Banerjee, A., Garg, D.: Verification of information flow and access control policies with dependent types. In: Proceedings of the 32nd IEEE Symposium on Security and Privacy (S&P 2011), pp. 165–179. IEEE Computer Society Press, Berkeley, May 2011

  13. Ngo, M., Naumann, D.A., Rezk, T.: Typed-based relaxed noninterference for free. CoRR abs/1905.00922 (2019). https://arxiv.org/abs/1905.00922

  14. Pierce, B.C.: Types and Programming Languages. MIT Press, Cambridge (2002)

  15. Reynolds, J.C.: Types, abstraction, and parametric polymorphism. In: Mason, R.E.A. (ed.) Information Processing 83, pp. 513–523. Elsevier, Amsterdam (1983)

  16. Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)

  17. Wadler, P.: Theorems for free! In: Proceedings of the Fourth International Conference on Functional Programming Languages and Computer Architecture (FPCA 1989), pp. 347–359. ACM, London (1989)

  18. Zdancewic, S.: Programming Languages for Information Security. Ph.D. thesis, Cornell University, August 2002

Author information

Corresponding author: Raimil Cruz.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Cruz, R., Tanter, É. (2019). Existential Types for Relaxed Noninterference. In: Lin, A. (eds) Programming Languages and Systems. APLAS 2019. Lecture Notes in Computer Science(), vol 11893. Springer, Cham. https://doi.org/10.1007/978-3-030-34175-6_5

  • DOI: https://doi.org/10.1007/978-3-030-34175-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34174-9

  • Online ISBN: 978-3-030-34175-6