Achieving information flow security through monadic control of effects

Journal of Computer Security

Volumn 17, Issue 5, 2009, Pages 599-653

  Harrison, William L ^a   Hook, James ^b  

^a University of Missouri   (United States)

^b Department of Electrical and Computer Engineering   (United States)

Author keywords

Information flow security; Language based security; Monads; Non interference; Programming language semantics

Indexed keywords

INFORMATION FLOW SECURITY; LANGUAGE-BASED SECURITY; MONADS; NON-INTERFERENCE; PROGRAMMING LANGUAGE SEMANTICS;

C (PROGRAMMING LANGUAGE); COMPUTER OPERATING SYSTEMS; MATHEMATICAL MODELS; MODEL STRUCTURES; SECURITY OF DATA; SEMANTICS; SEPARATION;

LINGUISTICS;

EID: 70449404985     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2009-0356     Document Type: Conference Paper

References (77)

1. M. Abadi, A. Banerjee, N. Heintze and J. Riecke, A core calculus of dependency, in: Proceedings of the Twenty-Sixth ACM Symposium on Principles of Programming Languages, San Antonio, TX, USA, January 1999, pp. 147-160.
2. D. Alexander, W. Arbaugh, M. Hicks, P. Kakkar, A. Keromytis, J. Moore, C. Gunder, S. Nettles and J. Smith, The switchware active network architecture, IEEE Network (1998).
3. M. Archer and C. Heitmeyer, TAME: A specialized specification and verification system for timed automata, in: Work In Progress (WIP) Proceedings of the 17th IEEE Real-Time Systems Symposium (RTSS'96), A. Bestavros, ed., Washington, DC, USA, 1996, pp. 3-6.
4. M. Barr and C. Wells, Category Theory for Computing Science, Prentice Hall, 1990.
5. D. Bell and L. LaPadula, Secure computer systems: Mathematical foundations and model, Technical Report M74-244, The MITRE Corp., Bedford, MA, USA, May 1973.
6. W.R. Bevier, Kit: A study in operating system verification, IEEE Transactions on Software Engineering 15(11) (1989), 1382-1396.
7. R. Bird, Introduction to Functional Programming using Haskell, 2nd edn, Prentice-Hall Series in Computer Science, Prentice-Hall Europe, London, UK, 1998.
8. K. Birman, R. Constable, M. Hayden, C. Kreitz, O. Rodeh, R. van Renesse andW. Vogels, The Horus and Ensemble projects: Accomplishments and limitations, in: Proceedings of the DARPA Information Survivability Conference & Exposition (DISCEX'00), 2000.
9. K. Claessen, A poor man's concurrency monad, Journal of Functional Programming 9(3) (1999), 313-323.
10. K. Crary, A. Kliger and F. Pfenning, A monadic analysis of information flow security with mutable state, Journal of Functional Programming 15(2) (2005).
11. D. Denning and P. Denning, Certification of programs for secure information flow, Communications of the ACM 20(7) (1977), 504-513.
12. D. Espinosa, Semantic Lego, PhD thesis, Columbia University, 1995.
13. A. Filinski, Representing layered monads, in: Proceedings of the 26st ACM Symposium on Principles of Programming Languages (POPL), 1999, pp. 175-188.
14. R. Giacobazzi and I. Mastroeni, Abstract non-interference: Parameterizing non-interference by abstract interpretation, in: Proceedings of the 31st ACM Symposium on Principles of Programming Languages (POPL), 2004, pp. 186-197.
15. R. Giacobazzi and I. Mastroeni, Adjoining declassification and attack models by abstract interpretation, in: European Symposium on Programming (ESOP'05), LNCS, Vol.3444, Springer-Verlag, 2005, pp. 295-310.
16. J. Gibbons and G. Hutton, Proof methods for corecursive programs, Fundamenta Informaticae Special Issue on Program Transformation 66(4) (2005), 353-366.
17. J.A. Goguen and J. Meseguer, Security policies and security models, in: Proceedings of the 1982 Symposium on Security and Privacy (SSP'82), Los Alamitos, CA, USA, April 1990, IEEE Computer Society Press, 1990, pp. 11-20.
18. D. Greve, R. Richards and M. Wilding, A summary of intrinsic partitioning verification, in: Fifth International Workshop on the ACL2 Theorem Prover and Its Applications (ACL2-2004), November 2004.
19. D. Greve, M. Wilding and W.M. Vanfleet, A separation kernel formal security policy, in: Fourth International Workshop on the ACL2 Theorem Prover and Its Applications (ACL2-2003), July 2003.
20. C. Gunter, Semantics of Programming Languages: Programming Techniques, The MIT Press, Cambridge, MA, 1992.
21. T. Hallgren, M.P. Jones, R. Leslie and A. Tolmach, A principled approach to operating system construction in haskell, in: Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming (ICFP05), ACM Press, New York, NY, 2005, pp. 116-128.
22. R. Harper, P. Lee and F. Pfenning, The Fox project: Advanced language technology for extensible systems, Technical Report CMU-CS-98-107, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA, January 1998.
23. W. Harrison, Modular compilers and their correctness proofs, PhD thesis, University of Illinois at Urbana-Champaign, 2001.
24. W. Harrison, Haskell implementations of the monadic separation kernels for CSFW 2005. Available from: www.cs.missouri.edu/?harrison/csfw05.
25. W. Harrison, The essence of multitasking, in: 11th International Conference on Algebraic Methodology and Software Technology (AMAST 2006), July 2006, pp. 158-172.
26. W. Harrison, G. Allwein, A. Gill and A. Procter, Asynchronous exceptions as an effect, in: Proceedings of the 9th International Conference on the Mathematics of Program Construction (MPC08), LNCS, Vol.5133, 2008, pp. 153-176.
27. W. Harrison and S. Kamin, Metacomputation-based compiler architecture, in: 5th International Conference on the Mathematics of Program Construction, Ponte de Lima, Portugal, LNCS, Vol.1837, Springer-Verlag, 2000, pp. 213-229.
28. N. Heintze and J. Riecke, The SLam calculus: programming with secrecy and integrity, in: Proceedings of the Twenty-fifth ACM Symposium on Principles of Programming Languages, ACM Press, New York, NY, 1998, pp. 365-377.
29. C.L. Heitmeyer, M. Archer, E.I. Leonard and J. McLean, Formal specification and verification of data separation in a separation kernel for an embedded system, in: CCS'06: Proceedings of the 13th ACM Conference on Computer and Communications Security, ACM Press, New York, NY, 2006, pp. 346-355.
30. B. Huffman, J. Matthews and P. White, Axiomatic constructor classes in isabelle/holcf, in: 18th International Conference on Theorem Proving in Higher Order Logics (TPHOL05), LNCS, Vol.3603, Springer-Verlag, 2005, pp. 147-162.
31. R. Joshi and K. Leino, A semantic approach to secure information flow, Science of Computer Programming 37(1-3) (2000), 113-138.
32. M. Kaufmann and J.S. Moore, An industrial strength theorem prover for a logic based on common lisp, IEEE Transactions on Software Engineering 23(4) (1997), 203-213.
33. B. Lampson, A note on the confinement problem, in: Communications of the ACM, October 1973, ACM press, 1973, pp. 613-615.
34. P. Li and S. Zdancewic, Downgrading policies and relaxed noninterference, in: POPL'05: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2005, pp. 158-170.
35. S. Liang, Modular monadic semantics and compilation, PhD thesis, Yale University, 1998.
36. S. Liang, P. Hudak and M. Jones, Monad transformers and modular interpreters, in: 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1995, ACM Press, 1995, pp. 333-343.
37. S. Mac Lane, Categories for the Working Mathematician, Graduate Texts in Mathematics, Springer- Verlag, 1971.
38. Z. Manna and A. Pnueli, The Temporal Logic of Reactive and Concurrent Systems: Specification, Springer-Verlag, 1991.
39. W. Martin, P. White, F.S. Taylor and A. Goldberg, Formal construction of the mathematically analyzed separation kernel, in: ASE'00: Proceedings of the 15th IEEE International Conference on Automated Software Engineering, IEEE Computer Society, Washington, DC, 2000, p. 133.
40. E. McCauley and P. Drongowski, KSOS - the design of a secure operating system, in: Proceedings of the American Federation of Information Processing Societies (AFIPS) National Computer Conference, Vol.48, 1979, pp. 345-353.
41. D. McCullough, Noninterference and the composability of security properties, in: Proc. IEEE Symposium on Security and Privacy, 1988, pp. 177-187.
42. J. McLean, A general theory of composition for trace sets closed under selective interleaving functions, in: Proceedings of the IEEE Symposium on Research in Security and Privacy, 1994, pp. 79-93.
43. R. Milner, M. Tofte, R. Harper and D. MacQueen, The Definition of Standard ML, revised edn, The MIT Press, Cambridge, MA, 1997.
44. M. Mizuno and D. Schmidt, A security flow control algorithm and its denotational semantics correctness proof, Formal Aspects of Computing 4(6A) (1992), 727-754.
45. E. Moggi, Computational lambda-calculus and monads, in: Proceedings 4th Annual IEEE Symp. on Logic in Computer Science, LICS'89, Pacific Grove, CA, USA, 5-8 June, 1989, IEEE Computer Society Press, Washington, DC, 1989, pp. 14-23.
46. E. Moggi, An abstract view of programming languages, Technical Report ECS-LFCS-90-113, Dept. of Computer Science, Edinburgh Univ., 1990.
47. E. Moggi, Notions of computation and monads, Information and Computation 93(1) (1991), 55-92.
48. P. Neumann, R. Boyer, R. Feiertag, K. Levitt and L. Robinson, A provably secure operating system: The system, its applications, and proof, Technical Report CSL-116, SRI, May 1980.
49. T. Nipkow, L.C. Paulson and M.Wenzel, Isabelle/HOL - A Proof Assistant for Higher-Order Logic, LNCS, Vol.2283, Springer, 2002.
50. P. O'Hearn, H. Yang and J. Reynolds, Separation and information hiding, in: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM Press, 2004, pp. 268-280.
51. S. Owre, J. Rushby and N. Shankar, PVS: A Prototype Verification System, in: Proc. of 11th International Conference on Automated Deduction, D. Kapur, ed., Lecture Notes in Artificial Intelligence, Vol.607, Saratoga, NY, USA, June 1992, Springer-Verlag, 1992, pp. 748-752.
52. J. Palsberg and P. Ørbæk, Trust in the lambda-calculus, Journal of Functional Programming 7(6) (1997), 557-591.
53. N. Papaspyrou, A resumption monad transformer and its applications in the semantics of concurrency, in: Proceedings of the 3rd Panhellenic Logic Symposium, 2001 (an expanded technical report is available from the author by request).
54. S. Peyton Jones (ed.), Haskell 98 Language and Libraries, the Revised Report, Cambridge University Press, 2003.
55. G. Plotkin, A powerdomain construction, SIAM Journal of Computing 5(3) (1976).
56. F. Pottier and S. Conchon, Information flow inference for free, in: Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP'99), 2000, pp. 46-57.
57. F. Pottier and V. Simonet, Information flow inference for ML, in: Proceedings of the 29th ACM Symposium on Principles of Programming Languages, Portland, OR, USA, January 2002, pp. 319- 330.
58. Programatica Home Page, www.cse.ogi.edu/PacSoft/projects/programatica.
59. J. Reynolds, The Craft of Programming, Prentice Hall, Englewood Cliffs, NJ, 1981.
60. J. Reynolds, Types, abstraction and parametric polymorphism, in: Information Processing 83, R.E.A. Mason, ed., North-Holland, 1983, pp. 513-523.
61. J. Reynolds, Separation logic: a logic for shared mutable data structures, in: Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS'02), 2002.
62. W. Roscoe, Theory and Practice of Concurrency, Prentice-Hall, 1998.
63. J. Rushby, Design and verification of secure systems, in: Proceedings of the ACM Symposium on Operating System Principles, Vol.15, 1981, pp. 12-21.
64. J. Rushby, Proof of separability: A verification technique for a class of security kernels, in: Proceedings of the 5th International Symposium on Programming, Springer-Verlag, Berlin, 1982, pp. 352- 362.
65. A. Sabelfeld and A. Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications 21(1) (2003).
66. D. Schmidt, Denotational Semantics, Allyn and Bacon, Boston, MA, 1986.
67. J. Shapiro, J. Smith and D. Farber, EROS: a fast capability system, in: Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP'99), Charleston, SC, USA, December 1999, pp. 170-185.
68. G. Smith, A new type system for secure information flow, in: 14th IEEE Computer Security Foundations Workshop (CSFW'01), IEEE Computer Society Press, June 2001, pp. 115-125.
69. G. Smith and D. Volpano, Secure information flow in a multi-threaded imperative language, in: Proceedings of the 25th ACM Symposium on Principles of Programming Languages, San Diego, CA, USA, January 1998, pp. 355-364.
70. SPECWARE Home Page, http://www.specware.org/.
71. J.E. Stoy, Denotational Semantics: The Scott-Strachey Approach to Programming Language Semantics, The MIT Press, Cambridge, MA, 1977.
72. S. Tse and S. Zdancewic, Translating dependency into parametricity, in: Proceedings of the Ninth ACM SIGPLAN International Conference on Functional Programming (ICFP'04), 2004, pp. 115- 125.
73. P. Wadler, The essence of functional programming, in: Proceedings of the 19th Symposium on Principles of Programming Languages, Albuquerque, NM, USA, January 19-22, 1992, ACM Press, 1992, pp. 11-14.
74. P. Wadler, Monads for functional programming, in: Proceedings of the 1992 Marktoberdorf International Summer School on Logic of Computation, LNCS, Vol.925, 1995, pp. 24-52.
75. B. Walker, R. Kemmerer and G. Popek, Specification and verification of the UCLA Unix security kernel, Communications of the ACM 23(2) (1980), 118-131.
76. A. Zakinthinos and E. Lee, A general theory of security properties, in: Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society, 1997, pp. 94-102.
77. S. Zdancewic and A. Myers, Robust declassification, in: Proceedings of 14th IEEE Computer Security Foundations Workshop, Cape Breton, NS, Canada, June 2001, pp. 15-23.