Liquid information flow control
作者: Nadia Polikarpova , Deian Stefan , Jean Yang , Shachar Itzhaky , Travis Hance
DOI: 10.1145/3408987
关键词:
摘要: We present Lifty, a domain-specific language for data-centric applications that manipulate sensitive data. A Lifty programmer annotates the sources of data with declarative security policies, and statically automatically verifies application handles according to policies. Moreover, if verification fails, suggests provably correct repair, thereby easing burden implementing policy enforcing code throughout application. The main insight behind is encode information flow control using liquid types, an expressive yet decidable type system. Liquid types enable fully automatic checking complex, dependent power our repair mechanism via type-driven error localization patch synthesis. Our experience implement three case studies from literature shows (1) sufficiently specify many real-world (2) checker able verify secure programs find leaks in insecure quickly, (3) even leaves out all code, engine within reasonable time.
acm.org
sci-hub.st 参考文章(57)
Nikhil Swamy, Juan Chen, Ravi Chugh, Enforcing stateful authorization and information flow policies in fine european symposium on programming. pp. 529- 549 ,(2010) , 10.1007/978-3-642-11957-6_28
Etienne Kneuss, Manos Koukoutos, Viktor Kuncak, None, Deductive Program Repair computer aided verification. ,vol. 9207, pp. 217- 233 ,(2015) , 10.1007/978-3-319-21668-3_13
Isil Dillig, Thomas Dillig, Explain: A Tool for Performing Abductive Inference Computer Aided Verification. pp. 684- 689 ,(2013) , 10.1007/978-3-642-39799-8_46
Matthew Fredrikson, Richard Joiner, Somesh Jha, Thomas Reps, Phillip Porras, Hassen Saïdi, Vinod Yegneswaran, Efficient Runtime Policy Enforcement Using Counterexample-Guided Abstraction Refinement Computer Aided Verification. pp. 548- 563 ,(2012) , 10.1007/978-3-642-31424-7_39
Deian Stefan, Alejandro Russo, David Mazières, John C. Mitchell, Disjunction category labels nordic conference on secure it systems. pp. 223- 239 ,(2011) , 10.1007/978-3-642-29615-4_16
Nadia Polikarpova, Ivan Kuraj, Armando Solar-Lezama, Program synthesis from polymorphic refinement types programming language design and implementation. ,vol. 51, pp. 522- 538 ,(2016) , 10.1145/2908080.2908093
Jean Yang, Kuat Yessenov, Armando Solar-Lezama, A language for automatically enforcing privacy policies symposium on principles of programming languages. ,vol. 47, pp. 85- 96 ,(2012) , 10.1145/2103621.2103669
Limin Jia, Steve Zdancewic, Encoding information flow in Aura Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security - PLAS '09. pp. 17- 29 ,(2009) , 10.1145/1554339.1554344
Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, Andrew C. Myers, Fabric: a platform for secure distributed computation and storage symposium on operating systems principles. pp. 321- 334 ,(2009) , 10.1145/1629575.1629606
KARL CRARY, ALEKSEY KLIGER, FRANK PFENNING, A monadic analysis of information flow security with mutable state Journal of Functional Programming. ,vol. 15, pp. 249- 291 ,(2005) , 10.1017/S0956796804005441