Abstract
Non-interference is a semantical condition on programs that guarantees the absence of illicit information flow throughout their execution, and that can be enforced by appropriate information flow type systems. Much of previous work on type systems for non-interference has focused on calculi or high-level programming languages, and existing type systems for low-level languages typically omit objects, exceptions, and method calls, and/or do not prove formally the soundness of the type system. We define an information flow type system for a sequential JVM-like language that includes classes, objects, arrays, exceptions and method calls, and prove that it guarantees non-interference. For increased confidence, we have formalized the proof in the proof assistant Coq; an additional benefit of the formalization is that we have extracted from our proof a certified lightweight bytecode verifier for information flow. Our work provides, to our best knowledge, the first sound and implemented information flow type system for such an expressive fragment of the JVM.
Keywords
- Type System
- Security Level
- Security Environment
- Typing Rule
- Proof Assistant
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Work partially supported by IST Project MOBIUS, by the RNTL Castles and by the ACI Sécurité SPOPS.
Chapter PDF
References
Appel, A.W., Felty, A.P.: A semantic model of types and machine instuctions for proof-carrying code. In: Proceedings of POPL’00, pp. 243–253. ACM Press, New York (2000)
Aydemir, B.E., et al.: Mechanized Metatheory for the Masses: The PoplMark Challenge. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 50–65. Springer, Heidelberg (2005)
Banerjee, A., Naumann, D.: Stack-based access control for secure information flow. Journal of Functional Programming 15, 131–177 (2005)
Barthe, G., Naumann, D., Rezk, T.: Deriving an Information Flow Checker and Certifying Compiler for Java. In: Symposium on Security and Privacy, 2006, IEEE Computer Society Press, Los Alamitos (2006)
Barthe, G., Pichardie, D., Rezk, T.: Non-interference for low level languages. Technical report, INRIA (2006), http://hal.inria.fr/inria-00106182
Barthe, G., Rezk, T.: Non-interference for a JVM-like language. In: Fähndrich, M. (ed.) Proceedings of TLDI’05, pp. 103–112. ACM Press, New York (2005)
Besson, F., Jensen, T., Pichardie, D.: Proof-Carrying Code from Certified Abstract Interpretation and Fixpoint Compression. Theoretical Computer Science 364(3), 273–291 (2006)
Bieber, P., et al.: Checking Secure Interactions of Smart Card Applets: Extended version. Journal of Computer Security 10, 369–398 (2002)
Bonelli, E., Compagnoni, A.B., Medel, R.: Information flow analysis for a typed assembly language with polymorphic stacks. In: Barthe, G., et al. (eds.) CASSIS 2005. LNCS, vol. 3956, pp. 37–56. Springer, Heidelberg (2006)
Genaim, S., Spoto, F.: Information Flow Analysis for Java Bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346–362. Springer, Heidelberg (2005)
Giacobazzi, R., Mastroeni, I.: Abstract non-interference: Parameterizing non-interference by abstract interpretation. In: Proceedings of POPL’04, pp. 186–197. ACM Press, New York (2004)
Hedin, D., Sands, D.: Noninterference in the presence of non-opaque pointers. In: Proceedings of CSFW’06, pp. 255–269. IEEE Computer Society Press, Los Alamitos (2006)
Hunt, S., Sands, D.: On Flow-Sensitive Security Types. In: Proceedings of POPL’06, pp. 79–90. ACM Press, New York (2006)
Leroy, X.: Bytecode verification on Java smart cards. Software–practice and experience 32(4), 319–340 (2002)
Myers, A.C.: Jflow: Practical mostly-static information flow control. In: Proceedings of POPL’99, pp. 228–241. ACM Press, New York (1999)
Naumann, D.: Verifying a secure information flow analyzer. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 211–226. Springer, Heidelberg (2005)
Rezk, T.: Verification of confidentiality policies for mobile code. PhD thesis, Université de Nice Sophia-Antipolis (2006)
Russo, A., Sabelfeld, A.: Securing interaction between threads and the scheduler. In: Proceedings of CSFW’06 (2006)
Sabelfeld, A., Myers, A.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Comunications 21, 5–19 (2003)
Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proceedings of CSFW’05, IEEE Computer Society Press, Los Alamitos (2005)
Volpano, D., Smith, G.: A Type-Based Approach to Program Security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)
Yu, D., Islam, N.: A typed assembly language for confidentiality. In: Sestoft, P. (ed.) ESOP 2006 and ETAPS 2006. LNCS, vol. 3924, pp. 162–179. Springer, Heidelberg (2006)
Zanardini, D.: Certified Abstract Non-Interference: Object-Oriented Code Validation for Information Flow Security. PhD thesis, Università di Verona (April 2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Barthe, G., Pichardie, D., Rezk, T. (2007). A Certified Lightweight Non-interference Java Bytecode Verifier. In: De Nicola, R. (eds) Programming Languages and Systems. ESOP 2007. Lecture Notes in Computer Science, vol 4421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71316-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-71316-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71314-2
Online ISBN: 978-3-540-71316-6
eBook Packages: Computer ScienceComputer Science (R0)