An accurate type system for information flow in presence of arrays

Authors:
Séverine Fratani;Jean-Marc Talbot
Affiliations:
Laboratoire d'Informatique Fondamentale de Marseille, UMR, CNRS, Université de la Méditerranée, Université de Provence;Laboratoire d'Informatique Fondamentale de Marseille, UMR, CNRS, Université de la Méditerranée, Université de Provence
Venue:
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Year:
2011

Citing 15
Cited 0

JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis

Journal of Computer Security
Certification of programs for secure information flow

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Information flow inference for ML

ACM Transactions on Programming Languages and Systems (TOPLAS)
TReX: A Tool for Reachability Analysis of Complex Systems

CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
Lenient Array Operations for Practical Secure Information Flow

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
On flow-sensitive security types

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Discovering properties about arrays in simple programs

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Valigator: A Verification Tool with Bound and Invariant Generation

LPAR '08 Proceedings of the 15th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning
Information flow analysis for a typed assembly language with polymorphic stacks

CASSIS'05 Proceedings of the Second international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
An analysis of permutations in arrays

VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
Information flow analysis for java bytecode

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Precise and automated contract-based reasoning for verification and certification of information flow properties of programs with arrays

ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Secure information flow analysis aims to check that the execution of a program does not reveal information about secret data manipulated by this program. In this paper, we consider programs dealing with arrays; unlike most of existing works, we will not assume that arrays are homogeneous in terms of security levels. Some part of an array can be declared as secret whereas another part is public. Based on a pre-computed approximation of integer variables (serving as indices for arrays), we devise a type system such that typed programs do not leak unauthorized information. Soundness of our type system is proved by a non-interference theorem.