Abstract
Information-flow security type systems ensure confidentiality by enforcing noninterference: a program cannot leak private data to public channels. However, in practice, programs need to selectively declassify information about private data. Several approaches have provided a notion of relaxed noninterference supporting selective and expressive declassification while retaining a formal security property. The labels-as-functions approach provides relaxed noninterference by means of declassification policies expressed as functions. The labels-as-types approach expresses declassification policies using type abstraction and faceted types, a pair of types representing the secret and public facets of values. The original proposal of labels-as-types is formulated in an object-oriented setting where type abstraction is realized by subtyping. The object-oriented approach however suffers from limitations due to its receiver-centric paradigm.
In this work, we consider an alternative approach to labels-as-types, applicable in non-object-oriented languages, which allows us to express advanced declassification policies, such as extrinsic policies, based on a different form of type abstraction: existential types. An existential type exposes abstract types and operations on these; we leverage this abstraction mechanism to express secrets that can be declassified using the provided operations. We formalize the approach in a core functional calculus with existential types, define existential relaxed noninterference, and prove that well-typed programs satisfy this form of type-based relaxed noninterference.
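As an added illustration of the idea sketched above, and not code from the paper or its calculus, the following Rust program encodes a labels-as-types declassification policy with an existential type. Rust's trait objects play the role of existential packages: `Box<dyn PasswordPolicy>` means "some hidden type equipped with the operations of `PasswordPolicy`". The secret facet is the concrete `String`; the public facet is the package, whose interface lists exactly the operations the policy permits. The trait name, the `check`/`len` operations and the sample password are all constructed for this example.

```rust
// Added example, not code from the paper: a labels-as-types declassification
// policy encoded with an existential type. Rust's trait objects play the role
// of existential packages: `Box<dyn PasswordPolicy>` is "some type T with the
// operations of PasswordPolicy", and the witness type T stays hidden.
mod policy {
    /// The interface facet of the package: the only operations a public
    /// observer may apply to the hidden secret. Each method is a
    /// declassification the policy explicitly allows.
    pub trait PasswordPolicy {
        /// Declassify one bit: does `guess` equal the stored password?
        fn check(&self, guess: &str) -> bool;
        /// Declassify the length (an operation this constructed policy
        /// chooses to permit; a stricter policy would omit it).
        fn len(&self) -> usize;
    }

    /// The witness (representation) type. It is private to this module and
    /// its field is private, so no code outside can read the raw String:
    /// the secret facet is `String`, the public facet is `dyn PasswordPolicy`.
    struct StoredPassword {
        secret: String,
    }

    impl PasswordPolicy for StoredPassword {
        fn check(&self, guess: &str) -> bool {
            self.secret == guess
        }
        fn len(&self) -> usize {
            self.secret.len()
        }
    }

    /// `pack`: hide the representation behind the interface. The caller gets
    /// back an existential package and loses direct access to the String.
    pub fn pack(secret: String) -> Box<dyn PasswordPolicy> {
        Box::new(StoredPassword { secret })
    }
}

use policy::{pack, PasswordPolicy};

/// Public code: it is type-checked against the interface only, so the only
/// information about the secret that can reach its result is what `check`
/// and `len` release. Writing `pkg.secret` here does not compile.
pub fn login(pkg: &dyn PasswordPolicy, guess: &str) -> bool {
    pkg.check(guess)
}

/// Another public consumer, using the second permitted operation.
pub fn masked(pkg: &dyn PasswordPolicy) -> String {
    "*".repeat(pkg.len())
}

/// Everything a public observer can learn from a package through a given
/// sequence of probes. Two secrets that yield the same view are
/// indistinguishable to public code: informally, this is what relaxed
/// noninterference guarantees for this policy.
pub fn public_view(pkg: &dyn PasswordPolicy, probes: &[&str]) -> (usize, Vec<bool>) {
    (pkg.len(), probes.iter().map(|g| pkg.check(g)).collect())
}

fn main() {
    // Constructed sample secret.
    let pkg = pack(String::from("hunter2"));
    println!("login ok: {}", login(&*pkg, "hunter2"));
    println!("masked: {}", masked(&*pkg));
    println!("view: {:?}", public_view(&*pkg, &["letmein", "hunter2"]));
}
```

The design point is that the policy lives in the type: `login` and `masked` are checked against `dyn PasswordPolicy`, not against `String`, so the compiler rejects any attempt to use the secret other than through `check` and `len`. Changing what may be declassified means changing the trait, not auditing every consumer.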
This work is partially funded by CONICYT FONDECYT Regular Projects 1150017 and 1190058. Raimil Cruz is partially funded by CONICYT-PCHA/Doctorado Nacional/2014-63140148.
Notes
1. Li and Zdancewic [9] rule out recursive declassification because otherwise the subtyping relation induced by security labels (sets of functions) would be undecidable.
2. To account for \(n > 2\) observation levels, faceted types can be extended to have \(n\) facets.
References
Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL 1999), pp. 147–160. ACM Press, San Antonio, January 1999
Ahmed, A.: Step-indexed syntactic logical relations for recursive and quantified types. In: Sestoft, P. (ed.) ESOP 2006. LNCS, vol. 3924, pp. 69–83. Springer, Heidelberg (2006). https://doi.org/10.1007/11693024_6
Bowman, W.J., Ahmed, A.: Noninterference for free. In: Proceedings of the 20th ACM SIGPLAN Conference on Functional Programming (ICFP 2015), pp. 101–113. ACM Press, Vancouver, August 2015
Crary, K.: Modules, abstraction, and parametric polymorphism. In: Proceedings of the 44th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2017), pp. 100–113. ACM Press, Paris, January 2017
Cruz, R., Rezk, T., Serpette, B., Tanter, É.: Type abstraction for relaxed noninterference. In: Müller, P. (ed.) Proceedings of the 31st European Conference on Object-Oriented Programming (ECOOP 2017). Leibniz International Proceedings in Informatics (LIPIcs), vol. 74, pp. 7:1–7:27. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Barcelona, Spain, June 2017
Cruz, R., Tanter, É.: Polymorphic relaxed noninterference. In: Proceedings of the IEEE Secure Development Conference (SecDev 2019). IEEE Computer Society Press, McLean, September 2019 (to appear)
Damas, L., Milner, R.: Principal type-schemes for functional programs. In: DeMillo, R.A. (ed.) Proceedings of the 16th ACM Symposium on Principles of Programming Languages (POPL 1989), pp. 207–212. ACM Press, Albuquerque, January 1982
Hicks, B., King, D., McDaniel, P., Hicks, M.: Trusted declassification: high-level policy for a security-typed language. In: Proceedings of the workshop on Programming Languages and Analysis for Security (PLAS 2006), pp. 65–74 (2006)
Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2005), pp. 158–170. ACM Press, Long Beach, January 2005
Mitchell, J.C., Plotkin, G.D.: Abstract types have existential type. ACM Trans. Program. Lang. Syst. 10(3), 470–502 (1988)
Myers, A.C.: Jif homepage. http://www.cs.cornell.edu/jif/. Accessed Mar 2019
Nanevski, A., Banerjee, A., Garg, D.: Verification of information flow and access control policies with dependent types. In: Proceedings of the 32nd IEEE Symposium on Security and Privacy (S&P 2011), pp. 165–179. IEEE Computer Society Press, Berkeley, May 2011
Ngo, M., Naumann, D.A., Rezk, T.: Typed-based relaxed noninterference for free. CoRR abs/1905.00922 (2019). https://arxiv.org/abs/1905.00922
Pierce, B.C.: Types and Programming Languages. MIT Press, Cambridge (2002)
Reynolds, J.C.: Types, abstraction, and parametric polymorphism. In: Mason, R.E.A. (ed.) Information Processing 83, pp. 513–523. Elsevier, Amsterdam (1983)
Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)
Wadler, P.: Theorems for free! In: Proceedings of the Fourth International Conference on Functional Programming Languages and Computer Architecture, FPCA 1989, pp. 347–359. ACM, London (1989)
Zdancewic, S.: Programming Languages for Information Security. Ph.D. thesis, Cornell University, August 2002
© 2019 Springer Nature Switzerland AG
Cruz, R., Tanter, É. (2019). Existential Types for Relaxed Noninterference. In: Lin, A. (ed.) Programming Languages and Systems. APLAS 2019. Lecture Notes in Computer Science, vol. 11893. Springer, Cham. https://doi.org/10.1007/978-3-030-34175-6_5
DOI: https://doi.org/10.1007/978-3-030-34175-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34174-9
Online ISBN: 978-3-030-34175-6
eBook Packages: Computer Science (R0)