TY - GEN
T1 - Channels
T2 - 23rd Annual Computer Security Applications Conference, ACSAC 2007
AU - Hicks, Boniface
AU - Misiak, Timothy
AU - McDaniel, Patrick
PY - 2007
Y1 - 2007
N2 - Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, Jif, that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, FLOWWALL, that provably enforces its policy.
AB - Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, Jif, that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, FLOWWALL, that provably enforces its policy.
UR - http://www.scopus.com/inward/record.url?scp=48649108967&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=48649108967&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2007.35
DO - 10.1109/ACSAC.2007.35
M3 - Conference contribution
AN - SCOPUS:48649108967
SN - 0769530605
SN - 9780769530604
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 443
EP - 452
BT - Proceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Y2 - 10 December 2007 through 14 December 2007
ER -