
Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks

  • Conference paper
Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2005)

Abstract

We study secure information flow in a stack-based Typed Assembly Language (TAL). We define a TAL with an execution stack and establish the soundness of its type system by proving non-interference. One of the problems of studying information flow for a low-level language is the absence of the high-level control flow constructs that guide information flow analysis in high-level languages. Furthermore, in the presence of an execution stack, code that frees space on the stack must be constrained in order to avoid illegal flows. Finally, in the presence of stack polymorphism, we must ensure that type variables are instantiated without observable differences. These issues are addressed by introducing junction points into the type system, ensuring that they behave as ordered linear continuations and that they interact safely with the execution stack. We also discuss several limitations of our approach and point out some remaining open issues.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bonelli, E., Compagnoni, A., Medel, R. (2006). Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, JL. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2005. Lecture Notes in Computer Science, vol 3956. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11741060_3

Download citation

  • DOI: https://doi.org/10.1007/11741060_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33689-1

  • Online ISBN: 978-3-540-33691-4

  • eBook Packages: Computer Science (R0)
