Dynamics and Secure Information Flow for a Higher-Order Pi-Calculus

  • Martin Pettai
  • Peeter Laud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8208)

Abstract

We show how a type system for secure information flow for a π-calculus with higher-order λ-abstractions can be extended with dynamics without weakening the non-interference guarantees. The type system for the π-calculus ensures that the traffic on high channels does not influence the traffic on low channels. λ-abstractions make it possible to send processes over channels. Dynamics make it possible to send processes and other data of different types over the same channel, making communication between processes easier. If dynamics are used, the types of some expressions or channels may depend on type variables that are instantiated at run time. To make it still possible to statically check secure information flow, we ensure that instantiating a type variable in an expression also instantiates it in the type of the expression.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Martin Pettai (1, 2)
  • Peeter Laud (2)

  1. University of Tartu, Estonia
  2. Cybernetica AS, Estonia
