Abstract
We present an expressive information-flow control type system with recursive types, existential types, label polymorphism, and impredicative type polymorphism for a higher-order programming language with higher-order state. We give a novel semantic model of this type system and show that well-typed programs satisfy termination-insensitive noninterference. Our semantic approach supports compositional integration of syntactically well-typed and syntactically ill-typed---but semantically sound---components, which we demonstrate through several interesting examples. We define our model using logical relations on top of the Iris program logic framework; to capture termination-insensitivity, we develop a novel language-agnostic theory of Modal Weakest Preconditions. We formalize all of our theory and examples in the Coq proof assistant.
- Martín Abadi. 2006. Access control in a core calculus of dependency. In Proceedings of the 11th ACM SIGPLAN International Conference on Functional Programming, ICFP 2006, Portland, Oregon, USA, September 16-21, 2006. 263-273. https: //doi.org/10.1145/1159803.1159839 Google ScholarDigital Library
- Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. 1999. A Core Calculus of Dependency. In POPL '99, Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, TX, USA, January 20-22, 1999. 147-160. https://doi.org/10.1145/292540.292555 Google ScholarDigital Library
- Amal Ahmed. 2004. Semantics of Types for Mutable State. Ph.D. Dissertation. Princeton University.Google ScholarDigital Library
- Amal J. Ahmed, Andrew W. Appel, and Roberto Virga. 2002. A Stratified Semantics of General References A Stratified Semantics of General References. In 17th IEEE Symposium on Logic in Computer Science (LICS 2002 ), 22-25 July 2002, Copenhagen, Denmark, Proceedings. 75. https://doi.org/10.1109/LICS. 2002.1029818 Google ScholarCross Ref
- Maximilian Algehed and Jean-Philippe Bernardy. 2019. Simple noninterference from parametricity. Proc. ACM Program. Lang. 3, ICFP ( 2019 ), 89 : 1-89 : 22. https://doi.org/10.1145/3341693 Google ScholarDigital Library
- Maximilian Algehed, Jean-Philippe Bernardy, and Catalin Hritcu. 2020. Dynamic IFC Theorems for Free! CoRR abs/ 2005.04722 ( 2020 ). arXiv: 2005.04722 https://arxiv.org/abs/ 2005.04722Google Scholar
- Maximilian Algehed and Alejandro Russo. 2017. Encoding DCC in Haskell. In Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, PLAS@CCS 2017, Dallas, TX, USA, October 30, 2017. 77-89. https: //doi.org/10.1145/3139337.3139338 Google ScholarDigital Library
- Owen Arden and Andrew C. Myers. 2016. A Calculus for Flow-Limited Authorization. In IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27-July 1, 2016. 135-149. https://doi.org/10.1109/CSF. 2016.17 Google ScholarCross Ref
- Lars Birkedal and Aleš Bizjak. 2017. Lecture Notes on Iris: Higher-Order Concurrent Separation Log. http://iris-project. org/ tutorial-pdfs/iris-lecture-notes.pdf. ( 2017 ).Google Scholar
- Lars Birkedal, Bernhard Reus, Jan Schwinghammer, Kristian Støvring, Jacob Thamsborg, and Hongseok Yang. 2011. Stepindexed kripke models over recursive worlds. In Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, January 26-28, 2011. 119-132. https://doi.org/10.1145/1926385. 1926401 Google ScholarDigital Library
- William J. Bowman and Amal Ahmed. 2015. Noninterference for free. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming, ICFP 2015, Vancouver, BC, Canada, September 1-3, 2015. 101-113. https://doi.org/ 10.1145/2784731.2784733 Google ScholarDigital Library
- Derek Dreyer, Amal Ahmed, and Lars Birkedal. 2009. Logical Step-Indexed Logical Relations. In Proceedings of the 24th Annual IEEE Symposium on Logic in Computer Science, LICS 2009, 11-14 August 2009, Los Angeles, CA, USA. 71-80. https://doi.org/10.1109/LICS. 2009.34 Google ScholarDigital Library
- Luminous Fennell and Peter Thiemann. 2013. Gradual Security Typing with References. In 2013 IEEE 26th Computer Security Foundations Symposium, New Orleans, LA, USA, June 26-28, 2013. 224-239. https://doi.org/10.1109/CSF. 2013.22 Google ScholarDigital Library
- Dan Frumin, Robbert Krebbers, and Lars Birkedal. 2019. Compositional Non-Interference for Fine-Grained Concurrent Programs. CoRR abs/ 1910.00905 ( 2019 ). arXiv: 1910.00905 http://arxiv.org/abs/ 1910.00905Google Scholar
- J. A. Goguen and J. Meseguer. 1982. Security Policies and Security Models. 1982 IEEE Symposium on Security and Privacy (Apr 1982 ). https://doi.org/10.1109/sp. 1982.10014 Google ScholarCross Ref
- Simon Gregersen, Søren Eller Thomsen, and Aslan Askarov. 2019. A Dependently Typed Library for Static Information-Flow Control in Idris. In Principles of Security and Trust-8th International Conference, POST 2019, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019, Prague, Czech Republic, April 6-11, 2019, Proceedings. 51-75. https://doi.org/10.1007/978-3-030-17138-4_3 Google ScholarCross Ref
- Nevin Heintze and Jon G. Riecke. 1998. The SLam Calculus: Programming with Secrecy and Integrity. In POPL '98, Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, USA, January 19-21, 1998. 365-377. https://doi.org/10.1145/268946.268976 Google ScholarDigital Library
- Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2018a. RustBelt: securing the foundations of the rust programming language. Proc. ACM Program. Lang. 2, POPL ( 2018 ), 66 : 1-66 : 34. https://doi.org/10.1145/3158154 Google ScholarDigital Library
- Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming, ICFP 2016, Nara, Japan, September 18-22, 2016. 256-269. https://doi.org/10.1145/2951913.2951943 Google ScholarDigital Library
- Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018b. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program. 28 ( 2018 ), e20. https://doi.org/10.1017/S0956796818000151 Google ScholarCross Ref
- Ralf Jung, David Swasey, Filip Sieczkowski, Kasper Svendsen, Aaron Turon, Lars Birkedal, and Derek Dreyer. 2015. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 637-650. https://doi.org/10.1145/2676726.2676980 Google ScholarDigital Library
- Robbert Krebbers, Jacques-Henri Jourdan, Ralf Jung, Joseph Tassarotti, Jan-Oliver Kaiser, Amin Timany, Arthur Charguéraud, and Derek Dreyer. 2018. MoSeL: a general, extensible modal framework for interactive proofs in separation logic. PACMPL 2, ICFP ( 2018 ), 77 : 1-77 : 30. https://doi.org/10.1145/3236772 Google ScholarDigital Library
- Robbert Krebbers, Ralf Jung, Ales Bizjak, Jacques-Henri Jourdan, Derek Dreyer, and Lars Birkedal. 2017a. The Essence of Higher-Order Concurrent Separation Logic. In Programming Languages and Systems-26th European Symposium on Programming, ESOP 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. 696-723. https://doi.org/10.1007/978-3-662-54434-1_26 Google ScholarDigital Library
- Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017b. Interactive Proofs in Higher-Order Concurrent Separation Logic. In Principles of Programming Languages (POPL).Google Scholar
- Peng Li and Steve Zdancewic. 2006. Encoding Information Flow in Haskell. In 19th IEEE Computer Security Foundations Workshop, (CSFW-19 2006 ), 5-7 July 2006, Venice, Italy. 16. https://doi.org/10.1109/CSFW. 2006.13 Google ScholarDigital Library
- Luísa Lourenço and Luís Caires. 2015. Dependent Information Flow Types. In Proceedings of the 42nd Annual ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL 2015, Mumbai, India, January 15-17, 2015. 317-328. https://doi.org/10.1145/2676726.2676994 Google ScholarDigital Library
- Toby C. Murray, Robert Sison, Edward Pierzchalski, and Christine Rizkallah. 2016. Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference. In IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27-July 1, 2016. 417-431. https://doi.org/10.1109/CSF. 2016.36 Google ScholarCross Ref
- Andrew C. Myers. 1999. JFlow: Practical Mostly-Static Information Flow Control. In POPL '99, Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, TX, USA, January 20-22, 1999. 228-241. https://doi.org/10.1145/292540.292561 Google ScholarDigital Library
- Aleksandar Nanevski, Anindya Banerjee, and Deepak Garg. 2011. Verification of Information Flow and Access Control Policies with Dependent Types. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22-25 May 2011, Berkeley, California, USA. 165-179. https://doi.org/10.1109/SP. 2011.12 Google ScholarDigital Library
- Andrew M. Pitts and Ian D. B. Stark. 1998. Operational Reasoning for Functions with Local State. In Higher Order Operational Techniques in Semantics, A. D. Gordon and A. M. Pitts (Eds.). Cambridge University Press, 227-273.Google Scholar
- Gordon D. Plotkin and Martín Abadi. 1993. A Logic for Parametric Polymorphism. In Typed Lambda Calculi and Applications, International Conference on Typed Lambda Calculi and Applications, TLCA '93, Utrecht, The Netherlands, March 16-18, 1993, Proceedings. 361-375. https://doi.org/10.1007/BFb0037118 Google ScholarCross Ref
- François Pottier and Sylvain Conchon. 2000. Information flow inference for free. In Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP '00), Montreal, Canada, September 18-21, 2000. 46-57. https: //doi.org/10.1145/351240.351245 Google ScholarDigital Library
- François Pottier and Vincent Simonet. 2003. Information flow inference for ML. ACM Trans. Program. Lang. Syst. 25, 1 ( 2003 ), 117-158. https://doi.org/10.1145/596980.596983 Google ScholarDigital Library
- Vineet Rajani and Deepak Garg. 2020. On the expressiveness and semantics of information flow types. Journal of Computer Security 28, 1 ( 2020 ), 129-156. https://doi.org/10.3233/JCS-191382 Google ScholarCross Ref
- Alejandro Russo. 2015. Functional pearl: two can keep a secret, if one of them uses Haskell. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming, ICFP 2015, Vancouver, BC, Canada, September 1-3, 2015. 280-288. https://doi.org/10.1145/2784731.2784756 Google ScholarDigital Library
- Alejandro Russo, Koen Claessen, and John Hughes. 2008. A library for light-weight information-flow security in haskell. In Proceedings of the 1st ACM SIGPLAN Symposium on Haskell, Haskell 2008, Victoria, BC, Canada, 25 September 2008. 13-24. https://doi.org/10.1145/1411286.1411289 Google ScholarDigital Library
- Andrei Sabelfeld and David Sands. 1999. A PER Model of Secure Information Flow in Sequential Programs. In Programming Languages and Systems, 8th European Symposium on Programming, ESOP'99, Held as Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS'99, Amsterdam, The Netherlands, 22-28 March, 1999, Proceedings. 40-58. https://doi.org/10.1007/3-540-49099-X_4 Google ScholarCross Ref
- Andrei Sabelfeld and David Sands. 2001. A Per Model of Secure Information Flow in Sequential Programs. High. Order Symb. Comput. 14, 1 ( 2001 ), 59-91. https://doi.org/10.1023/A:1011553200337 Google ScholarDigital Library
- Vincent Simonet. 2003a. Flow Caml in a Nutshell. In Proc. of the first APPSEM-II workshop, Graham Hutton (Ed.). Nottingham, United Kingdom.Google Scholar
- Vincnet Simonet. 2003b. The Flow Caml system. http://cristal.inria.fr/~simonet/soft/flowcamlGoogle Scholar
- Amin Timany and Lars Birkedal. 2019. Mechanized relational verification of concurrent programs with continuations. Proc. ACM Program. Lang. 3, ICFP ( 2019 ), 105 : 1-105 : 28. https://doi.org/10.1145/3341709 Google ScholarDigital Library
- Amin Timany, Léo Stefanesco, Morten Krogh-Jespersen, and Lars Birkedal. 2018. A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST. Proc. ACM Program. Lang. 2, POPL ( 2018 ), 64 : 1-64 : 28. https://doi.org/10.1145/3158152 Google ScholarDigital Library
- Stephen Tse and Steve Zdancewic. 2004. Translating dependency into parametricity. In Proceedings of the Ninth ACM SIGPLAN International Conference on Functional Programming, ICFP 2004, Snow Bird, UT, USA, September 19-21, 2004. 115-125. https://doi.org/10.1145/1016850.1016868 Google ScholarDigital Library
- Aaron Turon, Derek Dreyer, and Lars Birkedal. 2013. Unifying refinement and hoare-style reasoning in a logic for higherorder concurrency. In ACM SIGPLAN International Conference on Functional Programming, ICFP'13, Boston, MA, USA-September 25-27, 2013. 377-390. https://doi.org/10.1145/2500365.2500600 Google ScholarDigital Library
- Marco Vassena, Alejandro Russo, Pablo Buiras, and Lucas Waye. 2018. MAC A verified static information-flow control library. Journal of Logical and Algebraic Methods in Programming 95 ( 2018 ), 148-180. https://doi.org/10.1016/j.jlamp. 2017. 12.003 Google ScholarCross Ref
- Marco Vassena, Alejandro Russo, Deepak Garg, Vineet Rajani, and Deian Stefan. 2019. From fine-to coarse-grained dynamic information flow control and back. Proc. ACM Program. Lang. 3, POPL ( 2019 ), 76 : 1-76 : 31. https://doi.org/10.1145/3290389 Google ScholarDigital Library
- Stephan Arthur Zdancewic. 2002. Programming Languages for Information Security. Ph.D. Dissertation. Cornell University, USA.Google ScholarDigital Library
- Lantian Zheng and Andrew C. Myers. 2007. Dynamic security labels and static information flow control. Int. J. Inf. Sec. 6, 2-3 ( 2007 ), 67-84. https://doi.org/10.1007/s10207-007-0019-9 Google ScholarCross Ref
Index Terms
- Mechanized logical relations for termination-insensitive noninterference
Recommendations
Structural Logical Relations
LICS '08: Proceedings of the 2008 23rd Annual IEEE Symposium on Logic in Computer ScienceTait's method (a.k.a. proof by logical relations) is a powerful proof technique frequently used for showing foundational properties of languages based on typed lambda-calculi. Historically, these proofs have been extremely difficult to formalize in ...
A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST
We present a logical relations model of a higher-order functional programming language with impredicative polymorphism, recursive types, and a Haskell-style ST monad type with runST. We use our logical relations model to show that runST provides proper ...
Structural logical relations with case analysis and equality reasoning
LFMTP '13: Proceedings of the Eighth ACM SIGPLAN international workshop on Logical frameworks & meta-languages: theory & practiceFormalizing proofs by logical relations in the Twelf proof assistant is known to be notoriously difficult. However, as demonstrated by Schürmann and Sarnat [In Proc. of 23rd Symp. on Logic in Computer Science, 2008] such proofs can be represented and ...
Comments