Information flow analysis for a typed assembly language with polymorphic stacks

Authors:
Eduardo Bonelli;Adriana Compagnoni;Ricardo Medel
Affiliations:
LIFIA, Fac. de Informática, Univ. Nac. de La Plata, Argentina;Stevens Institute of Technology, Hoboken, NJ;Stevens Institute of Technology, Hoboken, NJ
Venue:
CASSIS'05 Proceedings of the Second international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Year:
2005

Citing 18
Cited 2

From system F to typed assembly language

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Certification of programs for secure information flow

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Secure Information Flow via Linear Continuations

Higher-Order and Symbolic Computation
Alias Types

ESOP '00 Proceedings of the 9th European Symposium on Programming Languages and Systems
A Type-Based Approach to Program Security

TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Stack-Based Typed Assembly Language

TIC '98 Proceedings of the Second International Workshop on Types in Compilation
Secure Information Flow and Pointer Confinement in a Java-like Language

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Proving multilevel security of a system design

SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Software development and proofs of multi-level security

ICSE '76 Proceedings of the 2nd international conference on Software engineering
Robust Declassification

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Dependently Typed Assembly Language

A Dependently Typed Assembly Language
Compiling with proofs

Compiling with proofs
Heap-Bounded Assembly Language

Journal of Automated Reasoning
Enforcing Robust Declassification

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Timing Aware Information Flow Security for a JavaCard-like Bytecode

Electronic Notes in Theoretical Computer Science (ENTCS)
A typed assembly language for non-interference

ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

A certified lightweight non-interference java bytecode verifier

ESOP'07 Proceedings of the 16th European conference on Programming
An accurate type system for information flow in presence of arrays

FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study secure information flow in a stack based Typed Assembly Language (TAL). We define a TAL with an execution stack and establish the soundness of its type system by proving non-interference. One of the problems of studying information flow for a low-level language is the absence of high-level control flow constructs that guide information flow analysis in high-level languages. Furthermore, in the presence of an execution stack, code that frees space on the stack must be constrained in order to avoid illegal flows. Finally, in the presence of stack polymorphism, we must ensure that type variables are instantiated without observable differences. These issues are addressed by introducing junction points into the type system, ensuring that they behave as ordered linear continuations, and that they interact safely with the execution stack. We also discuss several limitations of our approach and point out some remaining open issues.