Simple noninterference from parametricity

Algehed, Maximilian; Bernardy, Jean-Philippe

doi:10.1145/3341693

Cited by 14 publications

(12 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on previous work of Tse and Zdancewic [2004], Bowman and Ahmed [2015] provide a translation from the recursion-free fragment of DCC to , translating noninterference into parametricity. Algehed and Bernardy [2019] leverage parametricity of the Calculus of Constructions to prove noninterference for a polyvariant variation of DCC and Algehed et al [2020] show noninterference of a dynamic information-flow control library using a parametricity theorem. All these works model information-flow properties using parametricity whereas we add impredicative type polymorphism to a security-typed language.…”

Section: Related Workmentioning

confidence: 99%

Mechanized logical relations for termination-insensitive noninterference

Gregersen

Bay

Timany

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present an expressive information-flow control type system with recursive types, existential types, label polymorphism, and impredicative type polymorphism for a higher-order programming language with higher-order state. We give a novel semantic model of this type system and show that well-typed programs satisfy termination-insensitive noninterference. Our semantic approach supports compositional integration of syntactically well-typed and syntactically ill-typed---but semantically sound---components, which we demonstrate through several interesting examples. We define our model using logical relations on top of the Iris program logic framework; to capture termination-insensitivity, we develop a novel language-agnostic theory of Modal Weakest Preconditions. We formalize all of our theory and examples in the Coq proof assistant.

show abstract

Section: Related Workmentioning

confidence: 99%

Mechanized logical relations for termination-insensitive noninterference

Gregersen

Bay

Timany

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Supporting security features via generic abstraction features of type systems have been proposed before, but so far this has been done via quantification over types [Bowman and Ahmed 2015; Tse and Zdancewic 2004]. It has additionally been shown that non-interference is a consequence of the generic parametricity of type-theory [Algehed and Bernardy 2019].…”

Section: Informational Applicationsmentioning

confidence: 99%

A unified view of modalities in type systems

Abel

Bernardy

2020

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

We propose to unify the treatment of a broad range of modalities in typed lambda calculi. We do so by defining a generic structure of modalities, and show that this structure arises naturally from the structure of intuitionistic logic, and as such finds instances in a wide range of type systems previously described in literature. Despite this generality, this structure has a rich metatheory, which we expose.

show abstract

“…Formally, the protection relation defines the label of data, leading to the following theorem. Bowman and Ahmed [2015] proved the version we use here and Algehed and Bernardy [2019] provided a machine-checked proof in Agda.…”

Section: An Information-flow-control Type System For a Pure Languagementioning

confidence: 99%

“…Theorem 1 (Noninterference for DCC [Algehed and Bernardy 2019;Bowman and Ahmed 2015]). For expressions 𝑒 1 and 𝑒 2 and ℓ ∈ L, if Γ ⊢ 𝑒 1 : 𝜏, Γ ⊢ 𝑒 2 : 𝜏, and ℓ ⊳ 𝜏, then for all labels ℓ Atk ∈ L, either ℓ ⊑ ℓ Atk or 𝑒 1 ≈ ℓ Atk 𝑒 2 .…”

Section: An Information-flow-control Type System For a Pure Languagementioning

confidence: 99%

“…While DCC with the call-by-value semantics we are using enforces termination-insensitive noninterference [Abadi et al 1999;Algehed and Bernardy 2019;Bowman and Ahmed 2015;Heintze and Riecke 1998], termination channels can leak arbitrary amounts of data [Askarov et al 2008]. We would therefore like to remove the strong assumption that attackers cannot use those channels.…”

Section: Example: Termination-sensitive Noninterferencementioning

confidence: 99%

See 1 more Smart Citation

Giving Semantics to Program-Counter Labels via Secure Effects

Hirsch,

Cecchetti

2020

Preprint

View full text Add to dashboard Cite

Type systems designed for information-flow control commonly use a program-counter label to track the sensitivity of the context and rule out data leakage arising from effectful computation in a sensitive context. Currently, type-system designers reason about this label informally except in security proofs, where they use ad-hoc techniques. We develop a framework based on monadic semantics for effects to give semantics to program-counter labels. This framework leads to three results about program-counter labels. First, we develop a new proof technique for noninterference, the core security theorem for information-flow control in effectful languages. Second, we unify notions of security for different types of effects, including state, exceptions, and nontermination. Finally, we formalize the folklore that program-counter labels are a lower bound on effects. We show that, while not universally true, this folklore has a good semantic foundation.

show abstract

Simple noninterference from parametricity

Cited by 14 publications

References 21 publications

Mechanized logical relations for termination-insensitive noninterference

Mechanized logical relations for termination-insensitive noninterference

A unified view of modalities in type systems

Giving Semantics to Program-Counter Labels via Secure Effects

Contact Info

Product

Resources

About