Log In Sign Up

Normalising Lustre Preserves Security

by   Sanjiva Prasad, et al.

The synchronous reactive data flow language LUSTRE is an expressive language, equipped with a suite of tools for modelling, simulating and model-checking a wide variety of safety-critical systems. A critical intermediate step in the formally certified compilation of LUSTRE involves translation to a well-behaved sub-language called "Normalised LUSTRE" (NLUSTRE). Recently, we proposed a simple Denning-style lattice-based secure information flow type system for NLUSTRE, and proved its soundness by establishing that security-typed programs are non-interfering with respect to the co-inductive stream semantics. In this paper, we propose a similar security type system for unrestricted LUSTRE, and show that Bourke et al.'s semantics-preserving normalisation transformations from LUSTRE to NLUSTRE are security-preserving as well. A novelty is the use of refinement security types for node calls. The main result is the preservation of security types by the normalisation transformations. The soundness of our security typing rules is shown by establishing that well-security-typed programs are non-interfering, via a reduction to type-preservation (here), semantics-preservation (Bourke et al.) and our previous result of non-interference for NLUSTRE.


page 1

page 2

page 3

page 4


Secure Information Flow Typing in LUSTRE

Synchronous reactive data flow is a paradigm that provides a high-level ...

Mechanized Noninterference for Gradual Security

This paper presents the first machine-checked proof of noninterference f...

First-order Gradual Information Flow Types with Gradual Guarantees

Gradual type systems seamlessly integrate statically-typed programs with...

Verifying that a compiler preserves concurrent value-dependent information-flow security

It is common to prove by reasoning over source code that programs do not...

A Permission-Dependent Type System for Secure Information Flow Analysis

We introduce a novel type system for enforcing secure information flow i...

Only Connect, Securely

The lattice model proposed by Denning in her seminal work provided secur...

Semantic preservation for a type directed translation scheme of Featherweight Go

Featherweight Go (FG) is a minimal core calculus that includes essential...