Type-Driven Repair for Information Flow Security
作者: Nadia Polikarpova , Shachar Itzhaky , Jean Yang , Armando Solar-Lezama
DOI:
关键词:
摘要: We present Lifty, a language that uses type-driven program repair to enforce information flow policies. In the programmer specifies policy by annotating source of sensitive data with refinement type, and system automatically inserts access checks necessary this across code. This is significant improvement over current practice, where programmers manually implement checks, any missing check can cause an leak. To support programming model, we have developed (1) encoding security in terms decidable types enables fully automatic verification (2) algorithm localizes unsafe accesses replaces them provably secure alternatives. formalize prove its noninterference guarantee. Our experience using Lifty conference management shows it decreases burden able efficiently synthesize all including those required prevent set reported real-world leaks.
arxiv.org参考文章(31)
Etienne Kneuss, Manos Koukoutos, Viktor Kuncak, None, Deductive Program Repair computer aided verification. ,vol. 9207, pp. 217- 233 ,(2015) , 10.1007/978-3-319-21668-3_13
Yalin Ke, Kathryn T. Stolee, Claire Le Goues, Yuriy Brun, Repairing Programs with Semantic Code Search (T) automated software engineering. pp. 295- 306 ,(2015) , 10.1109/ASE.2015.60
Cormac Flanagan, K. Rustan M. Leino, Houdini, an Annotation Assistant for ESC/Java formal methods. pp. 500- 517 ,(2001) , 10.1007/3-540-45251-6_29
Niklas Broberg, David Sands, Flow locks: towards a core calculus for dynamic flow policies european symposium on programming. ,vol. 3924, pp. 180- 196 ,(2006) , 10.1007/11693024_13
Matthew Fredrikson, Richard Joiner, Somesh Jha, Thomas Reps, Phillip Porras, Hassen Saïdi, Vinod Yegneswaran, Efficient Runtime Policy Enforcement Using Counterexample-Guided Abstraction Refinement Computer Aided Verification. pp. 548- 563 ,(2012) , 10.1007/978-3-642-31424-7_39
Aws Albarghouthi, Sumit Gulwani, Zachary Kincaid, Recursive Program Synthesis Computer Aided Verification. pp. 934- 950 ,(2013) , 10.1007/978-3-642-39799-8_67
Jean Yang, Kuat Yessenov, Armando Solar-Lezama, A language for automatically enforcing privacy policies symposium on principles of programming languages. ,vol. 47, pp. 85- 96 ,(2012) , 10.1145/2103621.2103669
Stelios Sidiroglou-Douskos, Eric Lahtinen, Fan Long, Martin Rinard, Automatic error elimination by horizontal code transfer across multiple applications programming language design and implementation. ,vol. 50, pp. 43- 54 ,(2015) , 10.1145/2737924.2737988
Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, Andrew C. Myers, Fabric: a platform for secure distributed computation and storage symposium on operating systems principles. pp. 321- 334 ,(2009) , 10.1145/1629575.1629606
Zohar Manna, Richard Waldinger, A Deductive Approach to Program Synthesis ACM Transactions on Programming Languages and Systems. ,vol. 2, pp. 90- 121 ,(1980) , 10.1145/357084.357090