DeepAI AI Chat
Log In Sign Up

Static Information Flow Control Made Simpler

by   Hemant Gouni, et al.
University of Minnesota
Carnegie Mellon University

Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the wide applicability of IFC as a mechanism for guaranteeing confidentiality and integrity – the fundamental properties on which computer security relies – existing IFC systems have seen little use, requiring users to reason about complicated mechanisms such as lattices of security labels and dual notions of confidentiality and integrity within these lattices. We propose a system that diverges significantly from previous work on information flow control, opting to reason directly about the data that programmers already work with. In doing so, we naturally and seamlessly combine the clasically separate notions of confidentiality and integrity into one unified framework, further simplifying reasoning. We motivate and showcase our work through two case studies on TLS private key management: one for Rocket, a popular Rust web framework, and another for Conduit, a server implementation for the Matrix messaging service written in Rust.


page 1

page 2

page 3

page 4


Nonmalleable Information Flow: Technical Report

Noninterference is a popular semantic security condition because it offe...

Information Flow Control-by-Construction for an Object-Oriented Language Using Type Modifiers

In security-critical software applications, confidential information mus...

Graded Modal Types for Integrity and Confidentiality

Graded type systems, such as the one underlying the Granule programming ...

A Calculus for Flow-Limited Authorization

Real-world applications routinely make authorization decisions based on ...

Language-Based Web Session Integrity

Session management is a fundamental component of web applications: despi...

Bridging Static and Dynamic Program Analysis using Fuzzy Logic

Static program analysis is used to summarize properties over all dynamic...

Giving Semantics to Program-Counter Labels via Secure Effects

Type systems designed for information-flow control commonly use a progra...