A progress-sensitive flow-sensitive inlined information-flow control monitor (extended version)
MetadataShow full item record
CitationBedford, Andrew, Stephen Chong, Josée Desharnais, Elisavet Kozyri, and Nadia Tawbi. 2017. “A Progress-Sensitive Flow-Sensitive Inlined Information-Flow Control Monitor (extended Version).” Computers & Security 71 (November): 114–131. doi:10.1016/j.cose.2017.04.001.
AbstractWe present a novel progress-sensitive, flow-sensitive hybrid information-flow control monitor for an imperative interactive language. Progress-sensitive information-flow control is a strong information security guarantee which ensures that a program's progress (or lack of) does not leak information. Flow-sensitivity means that this strong security guarantee is enforced fairly precisely: our monitor tracks information flow per variable and per program point. We illustrate our approach on an imperative interactive language. Our hybrid monitor is inlined: source programs are translated, by a type-based analysis, into a target language that supports dynamic security levels. A key benefit of this is that the resulting monitored program is amenable to standard optimization techniques such as partial evaluation. One of the distinguishing features of our hybrid monitor is that it uses sets of levels to track the different possible security types of variables. This feature allows us to distinguish outputs that never leak information from those that may leak information.
Citable link to this pagehttp://nrs.harvard.edu/urn-3:HUL.InstRepos:34390139
- FAS Scholarly Articles