Skip to Main content Skip to Navigation
Conference papers

Information Flow Tracking for Side-Effectful Libraries

Abstract : Dynamic information flow control is a promising technique for ensuring confidentiality and integrity of applications that manipulate sensitive information. While much progress has been made on increasingly powerful programming languages ranging from low-level machine languages to high-level languages for distributed systems, surprisingly little attention has been devoted to libraries and APIs. The state of the art is largely an all-or-nothing choice: either a shallow or deep library modeling approach. Seeking to break out of this restrictive choice, we formalize a general mechanism that tracks information flow for a language that includes higher-order functions, structured data types and references. A key feature of our approach is the model heap, a part of the memory, where security information is kept to enable the interaction between the labeled program and the unlabeled library. We provide a proof-of-concept implementation and report on experiments with a file system library. The system has been proved correct using Coq.
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download

https://hal.inria.fr/hal-01824816
Contributor : Hal Ifip <>
Submitted on : Wednesday, June 27, 2018 - 3:55:29 PM
Last modification on : Thursday, June 18, 2020 - 10:18:03 AM
Long-term archiving on: : Thursday, September 27, 2018 - 2:24:31 AM

File

469043_1_En_8_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld. Information Flow Tracking for Side-Effectful Libraries. 38th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Jun 2018, Madrid, Spain. pp.141-160, ⟨10.1007/978-3-319-92612-4_8⟩. ⟨hal-01824816⟩

Share

Metrics

Record views

495

Files downloads

12