Noninterference with Dynamic Security Domains and Policies

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5913)

Abstract

Language-based information flow analysis statically examines a program for information flows between objects of different security domains and verifies that these flows follow a given policy.

When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or may face different security policies. In proof-carrying code scenarios, it is desirable to give a single proof that the program executes securely in any of these situations.

This paper presents an object-oriented, Java-like language with runtime security types that can be inspected to ensure that flows between accessed objects are actually allowed before operations inducing these flows are performed. A type system is used to statically prove that the flow tests included in the program are sufficient, such that a noninterference property for the program is ensured regardless of the domains of objects and the effective security policy. Also, the paper outlines how the concepts of the type system are transferred to a bytecode language.
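The abstract describes objects whose security domain is a runtime value, and a program that inspects those domains against the effective policy before performing an operation that would induce a flow. The following Python sketch, added here as an illustration and not code from the paper or its DSD type system, models that idea: a policy is a relation between domain names that is only fixed when the code is loaded, each object carries its domain at runtime, and a guarded `store` refuses the write when the flow is not permitted. The domain names, the two client policies and the `store`/`copy_record` functions are all constructed for this example. What the paper's type system adds, and what this sketch does not show, is a static proof that such guards are present wherever a flow is induced.

```python
"""Runtime flow checks against a policy that is only known when the code is loaded.
Illustrative example, not the paper's language or type system."""
from dataclasses import dataclass


class FlowViolation(Exception):
    """Raised when an operation would move data against the effective policy."""


class Policy:
    """A security policy as a set of permitted domain-to-domain flows.

    can_flow() computes the reflexive-transitive closure on demand, so a
    policy only needs to list the direct edges of its domain lattice.
    """

    def __init__(self, edges):
        self.edges = {}
        for src, dst in edges:
            self.edges.setdefault(src, set()).add(dst)

    def can_flow(self, src, dst):
        seen, stack = {src}, [src]
        while stack:
            d = stack.pop()
            if d == dst:          # reflexive case when src == dst
                return True
            for nxt in self.edges.get(d, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return False


@dataclass
class Labeled:
    """An object whose security domain is a runtime value, not a static annotation."""
    value: object
    domain: str


def store(policy, src, dst):
    """Write src.value into dst only after checking the induced flow src -> dst."""
    if not policy.can_flow(src.domain, dst.domain):
        raise FlowViolation(f"flow {src.domain} -> {dst.domain} not permitted")
    dst.value = src.value
    return dst


def copy_record(policy, record, sink):
    """Mobile code written once: the domains of its inputs and the policy
    are decided by the client environment, and the guard decides at runtime."""
    try:
        store(policy, record, sink)
        return "written"
    except FlowViolation:
        return "refused"


# Constructed sample policies: the same code runs under two client environments.
HOSPITAL = Policy([("public", "medical"), ("medical", "audit")])  # audit log dominates medical
KIOSK = Policy([("public", "medical"), ("public", "audit")])      # audit log is incomparable to medical


def demo():
    """Run the same program under both policies and report each outcome."""
    note = Labeled("BP 120/80", "medical")
    return (
        copy_record(HOSPITAL, note, Labeled(None, "audit")),
        copy_record(KIOSK, note, Labeled(None, "audit")),
    )


if __name__ == "__main__":
    print(demo())  # ('written', 'refused')
```

The point of the sketch is that `copy_record` contains no hard-coded domains: the same code is accepted in the hospital environment and rejected at the kiosk purely because the runtime check consults whichever policy is in force.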




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grabowski, R., Beringer, L. (2009). Noninterference with Dynamic Security Domains and Policies. In: Datta, A. (eds) Advances in Computer Science - ASIAN 2009. Information Security and Privacy. ASIAN 2009. Lecture Notes in Computer Science, vol 5913. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10622-4_5

  • DOI: https://doi.org/10.1007/978-3-642-10622-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10621-7

  • Online ISBN: 978-3-642-10622-4
