MAC, A Verified Static Information-Flow Control Library
作者: Marco Vassena , Alejandro Russo , Pablo Buiras , Lucas Waye
DOI: 10.1016/J.JLAMP.2017.12.003
关键词:
摘要: The programming language Haskell plays a unique, privileged role in information-flow control (IFC) research: it is able to enforce information security via libraries. Many state-of-the-art IFC libraries (e.g., LIO and HLIO) support variety of advanced features like mutable data structures, exceptions, concurrency, whose subtle interaction makes verification guarantees challenging. In this work, we focus on MAC, statically-enforced library for Haskell. other libraries, computations have well-established algebraic structure (i.e., monads) responsible manipulate labeled values coming from an abstract type which associates sensitivity label piece information. enrich with functor provide applicative operator encourages more functional style simplifies code. Furthermore, present full-fledged, mechanically-verified model MAC. Specifically, show progress-insensitive noninterference our sequential calculus pinpoint sufficient requirements the scheduler prove progress-sensitive concurrent calculus. For that, study MAC using term erasure, proof technique that ensures same public output should be produced if secrets are erased before or after program execution. As another contribution, extend erasure two-steps flexible novel greatly helps many
chalmers.se
sci-hub.se 参考文章(74)
Simon Meurer, Roland Wismüller, APEFS: An Infrastructure for Permission-Based Filtering of Android Apps Security and Privacy in Mobile Information and Communication Systems. pp. 1- 11 ,(2012) , 10.1007/978-3-642-33392-7_1
Deian Stefan, Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, David Mazières, Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling european symposium on research in computer security. ,vol. 8134, pp. 718- 735 ,(2013) , 10.1007/978-3-642-40203-6_40
Abhishek Bichhawat, Vineet Rajani, Deepak Garg, Christian Hammer, Information Flow Control in WebKit’s JavaScript Bytecode principles of security and trust. pp. 159- 178 ,(2014) , 10.1007/978-3-642-54792-8_9
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies usenix security symposium. pp. 131- 146 ,(2013)
Limin Jia, Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Michael Stroucken, Kazuhide Fukushima, Shinsaku Kiyomoto, Yutaka Miyake, Run-Time Enforcement of Information-Flow Properties on Android european symposium on research in computer security. pp. 775- 792 ,(2013) , 10.1007/978-3-642-40203-6_43
Alejandro Russo, Andrei Sabelfeld, Security for Multithreaded Programs Under Cooperative Scheduling Perspectives of Systems Informatics. pp. 474- 480 ,(2006) , 10.1007/978-3-540-70881-0_43
Heiko Mantel, Henning Sudbrock, Flexible scheduler-independent security european symposium on research in computer security. pp. 116- 133 ,(2010) , 10.1007/978-3-642-15497-3_8
Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo, IFC Inside: Retrofitting Languages with Dynamic Information Flow Control principles of security and trust. pp. 11- 31 ,(2015) , 10.1007/978-3-662-46666-7_2
Naokata Shikuma, Atsushi Igarashi, Proving noninterference by a fully complete translation to the simply typed λ-calculus ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues. pp. 301- 315 ,(2006) , 10.1007/978-3-540-77505-8_24
Pablo Buiras, Alejandro Russo, Lazy Programs Leak Secrets Secure IT Systems. ,vol. 8208, pp. 116- 122 ,(2013) , 10.1007/978-3-642-41488-6_8