Abstract
This paper addresses the problem of checking programs written in an object-oriented language to ensure that they satisfy information flow policies for confidentiality and integrity. Policy is specified using security types. An algorithm that infers such security types in a modular manner is presented. The specification of the algorithm involves inference for libraries. Library classes and methods may be parameterized by security levels. It is shown how modular inference is achieved in the presence of method inheritance and override. Soundness and completeness theorems for the inference algorithm are given.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, Q., Banerjee, A., Naumann, D.A. (2004). Modular and Constraint-Based Information Flow Inference for an Object-Oriented Language. In: Giacobazzi, R. (eds) Static Analysis. SAS 2004. Lecture Notes in Computer Science, vol 3148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27864-1_9
DOI: https://doi.org/10.1007/978-3-540-27864-1_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22791-5
Online ISBN: 978-3-540-27864-1