DOI: 10.1145/1814217.1814221

A more precise security type system for dynamic security tests

Published: 10 June 2010

Abstract

The move toward publicly available services that store private information has increased the importance of tracking information flow in applications. For example, network systems that store credit-card transactions and medical records must be assured to maintain the confidentiality and integrity of this information. One way to ensure this is to use a language that supports static reasoning about information flow in the type system. While useful in practice, current type systems for checking information flow are imprecise, unnecessarily rejecting safe programs. This annoys programmers and often results in increased code complexity in order to work around these artificial limitations. In this work, we present a new type system for statically checking information flow properties of imperative programs with exceptions. Our key insight is to propagate a context of exception handlers and check exceptions at the throw point rather than propagating exceptions outward and checking them at the catch sites. We prove that our type system guarantees the standard non-interference condition and that it is strictly more permissive than the existing type system for Jif, a language that extends the Java type system to reason about information flow.


Cited By

  • (2014) Automated abstract certification of non-interference with object aliasing in rewriting logic. 2014 9th Computing Colombian Conference (9CCC), pages 192-199. DOI: 10.1109/ColumbianCC.2014.6955344. Online publication date: Sep-2014.
  • (2013) All Your IFCException Are Belong to Us. Proceedings of the 2013 IEEE Symposium on Security and Privacy, pages 3-17. DOI: 10.1109/SP.2013.10. Online publication date: 19-May-2013.
  • (2013) Noninterference for Intuitionist Necessity. Logic and Its Applications, pages 185-196. DOI: 10.1007/978-3-642-36039-8_17. Online publication date: 2013.

      Published In

      cover image ACM Conferences
      PLAS '10: Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
      June 2010
      77 pages
      ISBN:9781605588278
      DOI:10.1145/1814217
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Qualifiers

      • Research-article

      Conference

      PLDI '10

      Acceptance Rates

      Overall Acceptance Rate 43 of 77 submissions, 56%

      Article Metrics

      • Downloads (Last 12 months)5
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 05 Jan 2025
