Skip to main content
SpringerLink
Log in
Book cover

International Conference on Formal Methods for Open Object-Based Distributed Systems

International Conference on Formal Techniques for Distributed Systems

FMOODS 2011, FORTE 2011: Formal Techniques for Distributed Systems pp 153–167Cite as

An Accurate Type System for Information Flow in Presence of Arrays

  • Conference paper

  • 454 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6722))

Abstract

Secure information flow analysis aims to check that the execution of a program does not reveal information about secret data manipulated by this program. In this paper, we consider programs dealing with arrays; unlike most of existing works, we will not assume that arrays are homogeneous in terms of security levels. Some part of an array can be declared as secret whereas another part is public. Based on a pre-computed approximation of integer variables (serving as indices for arrays), we devise a type system such that typed programs do not leak unauthorized information. Soundness of our type system is proved by a non-interference theorem.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amtoft, T., Hatcliff, J., Rodríguez, E.: Precise and automated contract-based reasoning for verification and certification of information flow properties of programs with arrays. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 43–63. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  2. Annichini, A., Bouajjani, A., Sighireanu, M.: Trex: A tool for reachability analysis of complex systems. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 368–372. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Bardin, S., Finkel, A., Leroux, J., Petrucci, L.: Fast: Fast acceleration of symbolikc transition systems. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 118–121. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Bonelli, E., Compagnoni, A., Medel, R.: Information flow analysis for a typed assembly language with polymorphic stacks. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, J.-L. (eds.) CASSIS 2005. LNCS, vol. 3956, pp. 37–56. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Deng, Z., Smith, G.: Lenient array operations for practical secure information flow. In: 17th IEEE Computer Security Foundations Workshop (CSFW-17 2004), p. 115. IEEE Computer Society Press, Los Alamitos (2004)

    Chapter  Google Scholar 

  6. Denning, D.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  7. Denning, D., Denning, P.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)

    Article  MATH  Google Scholar 

  8. Genaim, S., Spoto, F.: Information flow analysis for java bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346–362. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  9. Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. In: Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, pp. 339–348. ACM Press, New York (2008)

    Chapter  Google Scholar 

  10. Henzinger, T., Hottelier, T., Kovács, L.: Valigator: A verification tool with bound and invariant generation. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 333–342. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Hunt, S., Sands, D.: On flow-sensitive security types. In: Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages POPL 2006, pp. 79–90. ACM Press, New York (2006)

    Google Scholar 

  12. Myers, A.: Jflow: Practical mostly-static information flow control. In: POPL, pp. 228–241 (1999)

    Google Scholar 

  13. Perrelle, V., Halbwachs, N.: An analysis of permutations in arrays. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 279–294. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Pottier, F., Simonet, V.: Information flow inference for ml. ACM Trans. Program. Lang. Syst. 25(1), 117–158 (2003)

    Article  MATH  Google Scholar 

  15. Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21 (2003)

    Article  Google Scholar 

  16. Volpano, D., Irvine, C., Smith, G.: A sound type system for secure flow analysis. Journal of Computer Security 4(2/3), 167–188 (1996)

    Article  Google Scholar 

  17. Yao, J., Li, J.: Discretional array operations for secure information flow. Journal of Information and Computing Science 1(2), 67–77 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratoire d’Informatique Fondamentale de Marseille (LIF), UMR6166 CNRS - Université de la Méditerranée - Université de Provence, France

    Séverine Fratani & Jean-Marc Talbot

Authors
  1. Séverine Fratani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Marc Talbot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università di Pisa, Largo Bruno Pontecorvo 3, 56127, Pisa, Italy

    Roberto Bruni

  2. School of Computing, Queen’s University, 723 Goodwin Hall, K7L 3N6, Kingston, ON, Canada

    Juergen Dingel

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fratani, S., Talbot, JM. (2011). An Accurate Type System for Information Flow in Presence of Arrays. In: Bruni, R., Dingel, J. (eds) Formal Techniques for Distributed Systems. FMOODS FORTE 2011 2011. Lecture Notes in Computer Science, vol 6722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21461-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21461-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21460-8

  • Online ISBN: 978-3-642-21461-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation