
Secure Information Flow via Linear Continuations

Published: 01 September 2002

Abstract

Security-typed languages enforce secrecy or integrity policies by type-checking. This paper investigates continuation-passing style (CPS) as a means of proving that such languages enforce noninterference and as a first step towards understanding their compilation. We present a low-level, secure calculus with higher-order, imperative features and linear continuations.
Linear continuations impose a stack discipline on the control flow of programs. This additional structure in the type system lets us establish a strong information-flow security property called noninterference. We prove that our CPS target language enjoys the noninterference property and we show how to translate secure high-level programs to this low-level language. This noninterference proof is the first of its kind for a language with higher-order functions and state.
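The abstract's central point, shown as an added Python example (this is not the paper's calculus or its proof; the tiny statement language, the `uses`/`is_linear` checker, the two-run `noninterferent` test and the sample programs `SECURE` and `LEAKY` are all constructed here for illustration): a join continuation that writes to low memory can safely be invoked from a branch on a secret only if every control path invokes it exactly once. The two-run check compares the low-visible final store for two values of the secret; the linearity check is the syntactic side of that guarantee. It models only the "used exactly once" part of linearity, not the ordering constraints of the paper's stack discipline.

```python
"""Two-run noninterference check plus a linearity check for a tiny CPS-style
language. Added illustration of the abstract's idea, not the paper's calculus:
a join continuation that performs a low-observable write may be invoked
from a secret-dependent branch only if it is linear, i.e. invoked exactly
once on every control path."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Union

LOW, HIGH = "L", "H"


@dataclass
class Write:
    var: str
    fn: Callable[[Dict[str, int]], int]  # new value computed from the store


@dataclass
class Call:
    k: str  # invoke the named continuation


@dataclass
class Branch:
    cond: str  # branch on the value stored in this cell (0 = false)
    then: List["Stmt"]
    els: List["Stmt"]


Stmt = Union[Write, Call, Branch]


@dataclass
class Memory:
    cells: Dict[str, int]   # cell name -> value
    labels: Dict[str, str]  # cell name -> LOW or HIGH


def run(stmts: List[Stmt], mem: Memory, conts: Dict[str, List[Stmt]]) -> None:
    """Interpret a statement list; continuation bodies live in `conts`
    (assumed here to contain only writes, so there is no recursion)."""
    for s in stmts:
        if isinstance(s, Write):
            mem.cells[s.var] = s.fn(mem.cells)
        elif isinstance(s, Call):
            run(conts[s.k], mem, conts)
        else:
            run(s.then if mem.cells[s.cond] else s.els, mem, conts)


def uses(stmts: List[Stmt], k: str) -> Optional[int]:
    """Number of invocations of k along every path through stmts, or None
    when two paths disagree (k then cannot be typed as linear)."""
    n = 0
    for s in stmts:
        if isinstance(s, Call) and s.k == k:
            n += 1
        elif isinstance(s, Branch):
            a, b = uses(s.then, k), uses(s.els, k)
            if a is None or b is None or a != b:
                return None
            n += a
    return n


def is_linear(stmts: List[Stmt], k: str) -> bool:
    """Linear continuation: used exactly once on every path."""
    return uses(stmts, k) == 1


def noninterferent(prog: List[Stmt], conts: Dict[str, List[Stmt]]) -> bool:
    """Run prog on two stores that agree on LOW cells and differ only in the
    secret cell h; report whether the final LOW cells agree. This is a
    two-input test of the noninterference property, not a proof of it."""
    finals = []
    for secret in (0, 1):
        mem = Memory({"h": secret, "low_count": 0, "high_tmp": 0},
                     {"h": HIGH, "low_count": LOW, "high_tmp": HIGH})
        run(prog, mem, conts)
        finals.append({v: mem.cells[v] for v in mem.labels if mem.labels[v] == LOW})
    return finals[0] == finals[1]


# Join continuation k performs a LOW-observable write after the branch.
# (Constructed sample programs; cell and continuation names are arbitrary.)
CONTS = {"k": [Write("low_count", lambda c: c["low_count"] + 1)]}

# Secure: k is invoked exactly once on both paths, so the low write inside
# k is harmless even though the branch tested the secret h.
SECURE = [Branch("h",
                 then=[Write("high_tmp", lambda c: 42), Call("k")],
                 els=[Call("k")])]

# Leaky: the then-path invokes k twice, so the number of low writes, and
# hence the final value of low_count, reveals h. This is the non-linear
# use of a continuation that a linear type discipline rejects.
LEAKY = [Branch("h",
                then=[Call("k"), Call("k")],
                els=[Call("k")])]


if __name__ == "__main__":
    for name, prog in (("secure", SECURE), ("leaky", LEAKY)):
        print(name, "linear k:", is_linear(prog, "k"),
              "noninterferent:", noninterferent(prog, CONTS))
```

Running the script reports `SECURE` as linear and noninterferent and `LEAKY` as neither. The point the abstract makes is that the static check (`is_linear`) suffices to justify the semantic one (`noninterferent`) for the join continuation, which is what lets a type system permit a low write inside `k` even though `k` is called from a high context.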

Published In

Higher-Order and Symbolic Computation, Volume 15, Issue 2-3
September 2002
126 pages

Publisher

Kluwer Academic Publishers

United States

Author Tags

  1. CPS
  2. continuation passing style
  3. information-flow security
  4. linear continuations
  5. security-typed languages

Cited By

  • (2021) Giving semantics to program-counter labels via secure effects. Proceedings of the ACM on Programming Languages 5(POPL), 1-29. doi:10.1145/3434316. Online publication date: 4 Jan 2021.
  • (2013) Enforcing Information Flow by Combining Static and Dynamic Analysis. Foundations and Practice of Security, 83-101. doi:10.1007/978-3-319-05302-8_6. Online publication date: 21 Oct 2013.
  • (2011) Caisson. Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, 109-120. doi:10.1145/1993498.1993512. Online publication date: 4 Jun 2011.
  • (2011) Caisson. ACM SIGPLAN Notices 46(6), 109-120. doi:10.1145/1993316.1993512. Online publication date: 4 Jun 2011.
  • (2010) Towards a system-wide and transparent security mechanism using language-level information flow control. Proceedings of the 3rd International Conference on Security of Information and Networks, 19-26. doi:10.1145/1854099.1854107. Online publication date: 7 Sep 2010.
  • (2009) On declassification and the non-disclosure policy. Journal of Computer Security 17(5), 549-597. doi:10.5555/1662658.1662662. Online publication date: 1 Oct 2009.
  • (2009) A type system for data-flow integrity on Windows Vista. ACM SIGPLAN Notices 43(12), 9-20. doi:10.1145/1513443.1513447. Online publication date: 28 Feb 2009.
  • (2009) Secure Information Flow as a Safety Property. Formal Aspects in Security and Trust, 20-34. doi:10.1007/978-3-642-01465-9_2. Online publication date: 5 Apr 2009.
  • (2008) Securing nonintrusive web encryption through information flow. Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 125-134. doi:10.1145/1375696.1375712. Online publication date: 7 Jun 2008.
  • (2008) A type system for data-flow integrity on Windows Vista. Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 89-100. doi:10.1145/1375696.1375708. Online publication date: 7 Jun 2008.
