{"title":"Regrading Policies for Flexible Information Flow Control in Session-Typed Concurrency","authors":"Farzaneh Derakhshan, Stephanie Balzer, Yue Yao","doi":"arxiv-2407.20410","DOIUrl":null,"url":null,"abstract":"Noninterference guarantees that an attacker cannot infer secrets by\ninteracting with a program. Information flow control (IFC) type systems assert\nnoninterference by tracking the level of information learned (pc) and\ndisallowing communication to entities of lesser or unrelated level than the pc.\nControl flow constructs such as loops are at odds with this pattern because\nthey necessitate downgrading the pc upon recursion to be practical. In a\nconcurrent setting, however, downgrading is not generally safe. This paper\nutilizes session types to track the flow of information and contributes an IFC\ntype system for message-passing concurrent processes that allows downgrading\nthe pc upon recursion. To make downgrading safe, the paper introduces regrading\npolicies. Regrading policies are expressed in terms of integrity labels, which\nare also key to safe composition of entities with different regrading policies.\nThe paper develops the type system and proves progress-sensitive\nnoninterference for well-typed processes, ruling out timing attacks that\nexploit the relative order of messages. The type system has been implemented in\na type checker, which supports security-polymorphic processes using local\nsecurity theories.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2407.20410","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Noninterference guarantees that an attacker cannot infer secrets by
interacting with a program. Information flow control (IFC) type systems assert
noninterference by tracking the level of information learned (pc) and
disallowing communication to entities of lesser or unrelated level than the pc.
Control flow constructs such as loops are at odds with this pattern because
they necessitate downgrading the pc upon recursion to be practical. In a
concurrent setting, however, downgrading is not generally safe. This paper
utilizes session types to track the flow of information and contributes an IFC
type system for message-passing concurrent processes that allows downgrading
the pc upon recursion. To make downgrading safe, the paper introduces regrading
policies. Regrading policies are expressed in terms of integrity labels, which
are also key to safe composition of entities with different regrading policies.
The paper develops the type system and proves progress-sensitive
noninterference for well-typed processes, ruling out timing attacks that
exploit the relative order of messages. The type system has been implemented in
a type checker, which supports security-polymorphic processes using local
security theories.