research-article

Open access

A derivation framework for dependent security label inference

Authors:

Danfeng ZhangAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 2, Issue OOPSLA

Article No.: 115, Pages 1 - 26

https://doi.org/10.1145/3276485

Published: 24 October 2018 Publication History

Abstract

Dependent security labels (security labels that depend on program states) in various forms have been introduced to express rich information flow policies. They are shown to be essential in the verification of real-world software and hardware systems such as conference management systems, Android Apps, a MIPS processor and a TrustZone-like architecture. However, most work assumes that all (complex) labels are provided manually, which can both be error-prone and time-consuming.

In this paper, we tackle the problem of automatic label inference for static information flow analyses with dependent security labels. In particular, we propose the first general framework to facilitate the design and validation (in terms of soundness and/or completeness) of inference algorithms. The framework models label inference as constraint solving and offers guidelines for sound and/or complete constraint solving. Under the framework, we propose novel constraint solving algorithms that are both sound and complete. Evaluation result on sets of constraints generated from secure and insecure variants of a MIPS processor suggests that the novel algorithms improve the performance of an existing algorithm by orders of magnitude and offers better scalability.

References

[1]

Alexander Aiken. 1999. Introduction to set constraint-based program analysis. Science of Computer Programming 35, 2-3 (1999), 79–111.

Digital Library

[2]

Alexander Aiken, Edward L Wimmers, and TK Lakshman. 1994. Soft typing with conditional types. In Proceedings of the 21st ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, 163–173.

Digital Library

[3]

Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, and Andrew C. Myers. 2012. Sharing Mobile Code Securely With Information Flow Control. In Proc. IEEE Symp. on Security and Privacy (S&P). 191–205.

Digital Library

[4]

Lennart Augustsson. 1998. Cayenne—a language with dependent types. In Proc. 3 rd ACM SIGPLAN Int’l Conf. on Functional Programming (ICFP). 239–250.

Digital Library

[5]

D Elliott Bell and Leonard J LaPadula. 1973. Secure Computer Systems: mathematical foundations and model. Technical Report M74-244. MITRE Corp., Bedford, MA.

[6]

Hongxu Chen, Alwen Tiu, Zhiwu Xu, and Yang Liu. 2018. A permission-dependent type system for secure information flow analysis. In 2018 IEEE 31st Computer Security Foundations Symposium (CSF). IEEE, 218–232.

[7]

Juan Chen, Ravi Chugh, and Nikhil Swamy. 2010. Type-preserving Compilation of End-to-end Verification of Security Enforcement. In Proc. ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI). 412–423.

Digital Library

[8]

Jeremy Condit, Matthew Harren, Zachary Anderson, David Gay, and George C. Necula. 2007. Dependent types for low-level programming. In Proc. European Symposium on Programming (ESOP). 520–535.

Digital Library

[9]

Jeffrey S Fenton. 1974. Memoryless subsystems. Comput. J. 17, 2 (1974), 143–147.

[10]

Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh. 2017. Verification of a Practical Hardware Security Architecture Through Static Information Flow Analysis. In Proc. Int’l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 555–568.

Digital Library

[11]

Joseph A. Goguen and Jose Meseguer. 1982. Security Policies and Security Models. In Proc. IEEE Symp. on Security and Privacy (S&P). 11–20.

[12]

Robert Grabowski and Lennart Beringer. 2009. Noninterference with Dynamic Security Domains and Policies. In Advances in Computer Science – ASIAN 2009. Information Security and Privacy. 54–68. LNCS 5913.

Digital Library

[13]

Sebastian Hunt and David Sands. 2006. On Flow-sensitive Security Types. In Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’06). ACM, New York, NY, USA, 79–90.

Digital Library

[14]

Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic. 2008. AURA: A Programming Language for Authorization and Audit. In Proc. 13 th ACM SIGPLAN Int’l Conf. on Functional Programming (ICFP). 27–38.

Digital Library

[15]

Gurvan Le Guernic and Thomas Jensen. 2005. Monitoring Information Flow. In Workshop on Foundations of Computer Security - FCS’05. 19–30.

[16]

Peixuan Li and Danfeng Zhang. 2017. Towards a Flow- and Path-Sensitive Information Flow Analysis. In Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF). 53–67.

[17]

Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers. 2009. Fabric: A Platform For Secure Distributed Computation and Storage. In Symp. on Operating Systems Principles (SOSP). 321–334.

Digital Library

[18]

Luísa Lourenço and Luís Caires. 2015. Dependent Information Flow Types. In Proceedings of the 42Nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. 317–328.

Digital Library

[19]

Per Martin-Löf. 1982. Constructive mathematics and computer programming. Studies in Logic and the Foundations of Mathematics 104 (1982), 153–175.

[20]

Leonardo De Moura and Nikolaj Bjørner. 2008. Z3: An efficient SMT solver. In Proc. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS).

Digital Library

[21]

Toby Murray, Robert Sison, Edward Pierzchalski, and Christine Rizkallah. 2016. Compositional verification and refinement of concurrent value-dependent noninterference. In Computer Security Foundations Symposium (CSF), 2016 IEEE 29th. IEEE, 417–431.

[22]

Andrew C. Myers. 1999. JFlow: Practical Mostly-Static Information Flow Control. In Proc. 26 th ACM Symposium on Principles of Programming Languages (POPL). 228–241. http://www.cs.cornell.edu/andru/papers/popl99/popl99.pdf

Digital Library

[23]

Andrew C. Myers, G. Edward Suh, Danfeng Zhang, Yao Wang, Andrew Ferraiuolo, Rui Xu, and Ian Thompson. 2015. SecVerilog 1.0: Verilog + Information Flow. (2015). Software release, http://www.cs.cornell.edu/projects/secverilog .

[24]

Andrew C. Myers, Lantian Zheng, Steve Zdancewic, Stephen Chong, and Nathaniel Nystrom. 2006. Jif 3.0: Java Information Flow. (July 2006). Software release, http://www.cs.cornell.edu/jif .

[25]

Nadia Polikarpova, Jean Yang, Shachar Itzhaky, Travis Hance, and Armando Solar-Lezama. 2018. Enforcing Information Flow Policies with Type-Targeted Program Synthesis. arXiv preprint arXiv:1607.03445v2 (2018).

[26]

François Pottier and Vincent Simonet. 2002. Information flow inference for ML. In Proc. 29 th ACM Symposium on Principles of Programming Languages (POPL). 319–330.

Digital Library

[27]

Jakob Rehof et al. 1999. Tractable constraints in finite semilattices. Science of Computer Programming 35, 2-3 (1999), 191–221.

Digital Library

[28]

Patrick M. Rondon, Ming Kawaguci, and Ranjit Jhala. 2008. Liquid Types. In Proc. ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI). 159–169.

Digital Library

[29]

Andrei Sabelfeld and Alejandro Russo. 2010. From dynamic to static and back: Riding the roller coaster of information-flow control research. Perspectives of Systems Informatics (2010), 352–365.

Digital Library

[30]

Paritosh Shroff, Scott Smith, and Mark Thober. 2007. Dynamic dependency monitoring to secure information flow. In Computer Security Foundations Symposium, 2007. CSF’07. 20th IEEE. IEEE, 203–217.

Digital Library

[31]

Vincent Simonet. 2003. The Flow Caml System: documentation and user’s manual. Technical Report 0282. Institut National de Recherche en Informatique et en Automatique (INRIA).

[32]

Nikhil Swamy, Juan Chen, Cédric Fournet, Pierre-Yves Strub, Karthikeyan Bhargavan, and Jean Yang. 2011. Secure Distributed Programming with Value-dependent Types. In Proc. 16 th ACM SIGPLAN Int’l Conf. on Functional Programming (ICFP). 266–278.

Digital Library

[33]

Nikhil Swamy, Brian J. Corcoran, and Michael Hicks. 2008. Fable: A Language for Enforcing User-defined Security Policies. In Proc. IEEE Symp. on Security and Privacy (S&P). 369–383.

Digital Library

[34]

Stephen Tse and Steve Zdancewic. 2007. Run-Time Principals in Information-Flow Type Systems. ACM Trans. on Programming Languages and Systems 30, 1 (2007), 6.

Digital Library

[35]

Jeffrey A Vaughan and Stephen Chong. 2011. Inference of expressive declassification policies. In Security and Privacy (SP), 2011 IEEE Symposium on. IEEE, 180–195.

Digital Library

[36]

Niki Vazou, Eric L Seidel, Ranjit Jhala, Dimitrios Vytiniotis, and Simon Peyton-Jones. 2014. Refinement types for Haskell. In ACM SIGPLAN Notices, Vol. 49. ACM, 269–282.

Digital Library

[37]

Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. 1996. A Sound Type System for Secure Flow Analysis. Journal of Computer Security 4, 3 (1996), 167–187.

Digital Library

[38]

Hongwei Xi. 2000. Imperative programming with dependent types. In Proc. IEEE Symposium on Logic in Computer Science. 375–387.

Digital Library

[39]

Hongwei Xi and Frank Pfenning. 1999. Dependent Types in Practical Programming. In Proc. ACM Symp. on Principles of Programming Languages (POPL). 214–227.

Digital Library

[40]

Danfeng Zhang and Andrew C. Myers. 2014. Toward General Diagnosis of Static Errors. In Proc. 14 th ACM Symposium on Principles of Programming Languages (POPL). 569–581. http://www.cs.cornell.edu/andru/papers/diagnostic

Digital Library

[41]

Danfeng Zhang, Yao Wang, G. Edward Suh, and Andrew C. Myers. 2015. A Hardware Design Language for Timing-Sensitive Information-Flow Security. In Proc. 20 th Int’l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 503–516.

Digital Library

[42]

Lantian Zheng and Andrew C. Myers. 2007. Dynamic Security Labels and Static Information Flow Control. Intl’ J. of Information Security 6, 2–3 (March 2007).

Digital Library

Cited By

Smith G(2023)A Dafny-based approach to thread-local information flow analysis2023 IEEE/ACM 11th International Conference on Formal Methods in Software Engineering (FormaliSE)10.1109/FormaliSE58978.2023.00017(86-96)Online publication date: May-2023
https://doi.org/10.1109/FormaliSE58978.2023.00017
Wang YLu ZCao PChu JWang HWattenhofer R(2022)How Live Streaming Changes Shopping Decisions in E-commerce: A Study of Live Streaming CommerceComputer Supported Cooperative Work10.1007/s10606-022-09439-231:4(701-729)Online publication date: 1-Dec-2022
https://dl.acm.org/doi/10.1007/s10606-022-09439-2
Xu ZChen HTiu ALiu YSareen K(2021)A permission-dependent type system for secure information flow analysisJournal of Computer Security10.3233/JCS-200036(1-68)Online publication date: 17-Feb-2021
https://doi.org/10.3233/JCS-200036

Index Terms

A derivation framework for dependent security label inference
1. Security and privacy
  1. Systems security
    1. Information flow control
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
        Constraints
      2. Language types
        Constraint and logic languages
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Automated static analysis

Recommendations

Instance-dependent partial label learning
NIPS '21: Proceedings of the 35th International Conference on Neural Information Processing Systems

Partial label learning (PLL) is a typical weakly supervised learning problem, where each training example is associated with a set of candidate labels among which only one is true. Most existing PLL approaches assume that the incorrect labels in each ...
Transductive Multilabel Learning via Label Set Propagation

The problem of multilabel classification has attracted great interest in the last decade, where each instance can be assigned with a set of multiple class labels simultaneously. It has a wide variety of real-world applications, e.g., automatic image ...
Learning Label-Specific Features and Class-Dependent Labels for Multi-Label Classification

Binary Relevance is a well-known framework for multi-label classification, which considers each class label as a binary classification problem. Many existing multi-label algorithms are constructed within this framework, and utilize identical data ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 2, Issue OOPSLA

November 2018

1656 pages

EISSN:2475-1421

DOI:10.1145/3288538

Issue’s Table of Contents

Copyright © 2018 Owner/Author.

This work is licensed under a Creative Commons Attribution-NoDerivs International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2018

Published in PACMPL Volume 2, Issue OOPSLA

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

NSF

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
457
Total Downloads

Downloads (Last 12 months)74
Downloads (Last 6 weeks)12

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Smith G(2023)A Dafny-based approach to thread-local information flow analysis2023 IEEE/ACM 11th International Conference on Formal Methods in Software Engineering (FormaliSE)10.1109/FormaliSE58978.2023.00017(86-96)Online publication date: May-2023
https://doi.org/10.1109/FormaliSE58978.2023.00017
Wang YLu ZCao PChu JWang HWattenhofer R(2022)How Live Streaming Changes Shopping Decisions in E-commerce: A Study of Live Streaming CommerceComputer Supported Cooperative Work10.1007/s10606-022-09439-231:4(701-729)Online publication date: 1-Dec-2022
https://dl.acm.org/doi/10.1007/s10606-022-09439-2
Xu ZChen HTiu ALiu YSareen K(2021)A permission-dependent type system for secure information flow analysisJournal of Computer Security10.3233/JCS-200036(1-68)Online publication date: 17-Feb-2021
https://doi.org/10.3233/JCS-200036

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents