Modular and Constraint-Based Information Flow Inference for an Object-Oriented Language

  • Conference paper
Static Analysis (SAS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3148)

Abstract

This paper addresses the problem of checking programs written in an object-oriented language to ensure that they satisfy the information flow policies of confidentiality and integrity. Policy is specified using security types. An algorithm that infers such security types in a modular manner is presented. The specification of the algorithm involves inference for libraries. Library classes and methods may be parameterized by security levels. It is shown how modular inference is achieved in the presence of method inheritance and override. Soundness and completeness theorems for the inference algorithm are given.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, Q., Banerjee, A., Naumann, D.A. (2004). Modular and Constraint-Based Information Flow Inference for an Object-Oriented Language. In: Giacobazzi, R. (eds) Static Analysis. SAS 2004. Lecture Notes in Computer Science, vol 3148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27864-1_9

  • DOI: https://doi.org/10.1007/978-3-540-27864-1_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22791-5

  • Online ISBN: 978-3-540-27864-1

  • eBook Packages: Springer Book Archive
