Information Flow Tracking for Side-Effectful Libraries - Formal Techniques for Distributed Objects, Components, and Systems (FORTE 2018) Access content directly
Conference Papers Year : 2018

Information Flow Tracking for Side-Effectful Libraries

Abstract

Dynamic information flow control is a promising technique for ensuring confidentiality and integrity of applications that manipulate sensitive information. While much progress has been made on increasingly powerful programming languages ranging from low-level machine languages to high-level languages for distributed systems, surprisingly little attention has been devoted to libraries and APIs. The state of the art is largely an all-or-nothing choice: either a shallow or deep library modeling approach. Seeking to break out of this restrictive choice, we formalize a general mechanism that tracks information flow for a language that includes higher-order functions, structured data types and references. A key feature of our approach is the model heap, a part of the memory, where security information is kept to enable the interaction between the labeled program and the unlabeled library. We provide a proof-of-concept implementation and report on experiments with a file system library. The system has been proved correct using Coq.
Fichier principal
Vignette du fichier
469043_1_En_8_Chapter.pdf (370.14 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01824816 , version 1 (27-06-2018)

Licence

Attribution

Identifiers

Cite

Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld. Information Flow Tracking for Side-Effectful Libraries. 38th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Jun 2018, Madrid, Spain. pp.141-160, ⟨10.1007/978-3-319-92612-4_8⟩. ⟨hal-01824816⟩
258 View
66 Download

Altmetric

Share

Gmail Facebook X LinkedIn More