A Simple View of Type-Secure Information Flow in the p-Calculus.

We give a structured view of recent work in the area and identify some important open challenges. ... In this article we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. ... ACKNOWLEDGMENT The authors would like to thank M. Hicks for helpful comments and the anonymous reviewers for useful feedback. ...

doi:10.1109/jsac.2002.806121 fatcat:elktqhzkyfcqhb7kcghzi4j3pe

The idea is to view channels as information carriers rather than as "events", so that emitting a secret on output channel can be considered safe, while inputting a secret may lead to some kind of leakage ... This is in contrast with the standard notion of noninterference for the process calculi where any causal dependency of low-level action from any high-level action is forbidden. ... She also observed that the P-BNDC is not closed under general contexts and provided the example reported in this paper. We gratefully acknowledge the Group MIMOSA at INRIA Sophia-Antipolis ...

arXiv:1109.4843v1 fatcat:5jmdxlyr25hcpbn7egoowhwuda

We propose an extension of the asynchronous π -calculus in which a variety of security properties may be captured using types. ... These are an extension of the input/output types for the π-calculus in which I/O capabilities are assigned specific security levels. ... ACKNOWLEDGMENTS The authors would like to thank I. Castellani for a careful reading of a draft version of the article and the referees for their many suggestions for improvement. ...

doi:10.1145/570886.570890 fatcat:4v5ru7f43bbf3pfmlqpdr4jsye

This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations ... The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis. ... In the usual terminology of information flow, we have considered possibilistic information flows. ...

doi:10.1007/3-540-49099-x_4 fatcat:64obrmgtujaozptj5hjxbazagy

The types of the SLam calculus mingle security information with type information. ... Unfortunately, in classic information flow systems, data quickly floats to the highest level of security. ...

doi:10.1145/268946.268976 dblp:conf/popl/HeintzeR98 fatcat:uclq7dxrcnd25m5bevbpivwudm

To establish this thesis, we translate typed calculi for secure information flow, binding-time analysis, slicing, and call-tracking into DCC. ... The translations help clarify aspects of the source calculi. We also define a semantic model for DCC and use it to give simple proofs of noninterference results for each case. ... Anindya Banerjee is a member of the Church Project and is supported in part by NSF grant EIA-9806835. ...

doi:10.1145/292540.292555 dblp:conf/popl/AbadiBHR99 fatcat:di3m7hpk5bbe3eovu2n3zozhse

a static view of security levels. ... The static verification of secure information flow has been a popular theme in recent programming language research, but information flow policies considered are based on multilevel security which presents ... This work was partly supported by the Swedish research agencies SSF, VR and Vinnova, and by the Information Society Technologies programme of the European Commission, Future and Emerging Technologies under ...

doi:10.1007/11693024_13 fatcat:gsf2ouwoxvhilnidxiv232b4yu

We would like to thank Jeff Sanders for helping us to get the initial understanding and the anonymous referees for constructive criticism. ... use existing formalizations of non-interference for the π calculus [7] to demonstrate information flow security. ... Some of these covert channels -the ones inherent in the logic of programs -can be identified by a painstaking information flow analysis [4] . ...

doi:10.1109/icimp.2009.15 fatcat:mdpcdvmb4rhfxjkqi3nc3x5ugu

First, in trying to provide a coherent presentation of different ideas and techniques, one inevitably ends up leaving out the approaches that do not fit the intended roadmap. ... As a consequence, we decided to concentrate on few papers that introduce the main ideas, in the hope that discussing them in some detail will provide sufficient insight for further reading. ... In Section 5 we discuss the security π-calculus, a typed version of the asynchronous π-calculus, which applies type based techniques provide security resource access control and information flow security ...

doi:10.1007/978-3-540-24631-2_3 fatcat:cjtedz44njfzvntbdzpyj5hjga

Language-based security Information-flow analysis Dynamic logic Security type system Formal verification a b s t r a c t Type systems and program logics are often thought to be at opposing ends of the ... In this paper we show that a flow-sensitive type system ensuring non-interference in a simple while-language can be expressed through specialised rules of a program logic. ... The comments of the anonymous reviewers helped to improve the paper in several respects. ...

doi:10.1016/j.tcs.2008.04.033 fatcat:byahnpjqynhtfgfctzfzy64m74

Szczepanski

PICNIC is a tool for verifying security properties of systems, namely non-interference properties of processes expressed as terms of the π-calculus with two security levels and declassification primitives ... Notably, PICNIC has been developed in Fresh O'CaML, a dialect of CaML with native support for binders and fresh/local names; thus, this work can be seen also as a non-trivial case study about the applicability ... In order to introduce a mechanism into the π-calculus for the secure downgrading of information, in [1] the syntax of the language has been enriched with a family of declassified actions of the form ...

doi:10.1109/acsd.2008.4574592 dblp:conf/acsd/CrafaMMPR08 fatcat:zfdnngkgpjhunlpnl2eo2oe6aq

We further provide a security type system for the programming model ASPfun of functional active objects. Type safety and a confinement property are presented. ASPfun thus realizes secure down calls. ... In this paper, we provide a formal framework for the security of distributed active objects. Active objects communicate asynchronously implementing method calls via futures. ... This constraint is what we expect for information flow security. If the guard of an if-then-else can only be typed in a H-P C then its branches must also be "lifted" to H. ...

arXiv:1405.0867v1 fatcat:kq2d4cfhzbg4xfu7z7e7atz52m

This article considers correctness in terms of transactional properties for secure nested transactions. Correctness is expressed in terms of a labeled transition system, the TauZero calculus. ... Secure Nested Transactions are an adaptation of traditional nested transactions to support the synergy of language-based security and multi-level database security. ... We assume a security type system to prevent information flow leaks, by classifying data as High or Low. The details of this type system are provided in a technical report [7] . ...

doi:10.1007/978-3-642-30065-3_11 fatcat:5xz25ugazfg7zl445zyeapveiq

We propose a monitored semantics for this calculus, which blocks the execution of processes as soon as they attempt to leak information. ... We illustrate the use of this semantics with various examples, and show that the induced safety property is compositional and that it is strictly included between a typability property and a security property ... Acknowledgments We would like to thank Kohei Honda, Nobuko Yoshida and the anonymous referees for helpful feedback. ...

doi:10.1017/s0960129514000619 fatcat:7qtv7iawc5aq3noiqs2wwye77q

Multiple Versions

The dependency core calculus (DCC), a simple extension of the computational lambda calculus, captures a common notion of dependency that arises in many programming language settings. ... This notion of dependency is closely related to the notion of information flow in security; it is sensitive not only to data dependencies that cause explicit flows, but also to control dependencies that ... Introduction The dependency core calculus (DCC) [2] is a simple extension of the computational lambda calculus [20] , where each level ℓ in a lattice is associated with a type constructor T ℓ that behaves ...

arXiv:1004.1211v1 fatcat:gmwaci65gvgvjnhnwjkejekvjm

Language-based information-flow security

Preserved Fulltext

Note on a simple type system for non-interference [article]

Preserved Fulltext

Information flow vs. resource access in the asynchronous pi-calculus

Preserved Fulltext

A Per Model of Secure Information Flow in Sequential Programs [chapter]

Preserved Fulltext

The SLam calculus

Preserved Fulltext

A core calculus of dependency

Preserved Fulltext

Flow Locks: Towards a Core Calculus for Dynamic Flow Policies [chapter]

Preserved Fulltext

Enhancing Privacy Implementations of Database Enquiries

Preserved Fulltext

A Survey of Name-Passing Calculi and Crypto-Primitives [chapter]

Preserved Fulltext

Integration of a security type system into a program logic

Preserved Fulltext

PicNIc - Pi-calculus non-interference checker

Preserved Fulltext

Confinement for Active Objects [article]

Preserved Fulltext

Transactional Correctness for Secure Nested Transactions [chapter]

Preserved Fulltext

Information flow safety in multiparty sessions

Preserved Fulltext

Other Versions

Liberalizing Dependency [article]

Preserved Fulltext