Abstract:
A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too restrictive for practical use and have not been implemented. In this paper, we describe the new language JFlow, an extension to the Java language that adds statically-checked information flow annotations. JFlow provides several new features that make information flow checking more flexible and convenient than in previous models: a decentralized label model, label polymorphism, run-time label checking, and automatic label inference. JFlow also supports many language features that have never been integrated successfully with static information flow control, including objects, subclassing, dynamic type tests, access control, and exceptions. This paper defines the JFlow language and presents formal rules tha...
Citations (with citation counts):

1446 | The Java Language Specification – Gosling, Joy, et al.
426 | Secure Computer Systems: Unified Exposition and Multics Interpretation – Bell, LaPadula, 1975
418 | Cryptography and Data Security – Denning, 1982
370 | A Lattice Model of Secure Information Flow – Denning, 1976
269 | A Note on the Confinement Problem – Lampson, 1973
264 | A sound type system for secure flow analysis – Volpano, Smith, et al., 1996
256 | Certification of programs for secure information flow – Denning, Denning, 1977
213 | Secrecy by Typing in Security Protocols – Abadi, 1997
180 | The SLam calculus: Programming with secrecy and integrity – Heintze, Riecke, 1998
156 | Parameterized types for Java – Myers, Bank, et al., 1997
150 | Secure information flow in a multi-threaded imperative language – Smith, Volpano, 1998
143 | Typeful Programming – Cardelli, 1989
124 | Dynamic typing in a statically typed language – Abadi, Cardelli, et al., 1991
120 | A decentralized model for information flow control – Myers, Liskov, 1997
56 | An axiomatic approach to information flow in programs – Andrews, Reitman, 1980
52 | Complete, safe information flow with decentralized labels – Myers, Liskov, 1998
45 | Mostly-static decentralized information flow control – Myers, 1999
38 | Tractable constraints in finite semilattices – Rehof, Mogensen, 1996
32 | Trust in the λ-calculus – Ørbæk, Palsberg, 1997
28 | An efficient general iterative algorithm for data flow analysis – Horwitz, Demers, et al., 1987
27 | A language extension for expressing constraints on data access – Jones, Liskov, 1978
15 | CACL: Efficient fine-grained protection for objects – Richardson, Schwartz, et al., 1992
12 | Access flow: A protection model which integrates access control and information flow – Stoughton, 1981
11 | Provably-Secure Programming Languages for Remote Evaluation – Volpano, 1996
9 | Beyond the pale of MAC and DAC: defining new forms of access control – McCollum, Messing, Notargiacomo, 1990
4 | Worklist management strategies for dataflow analysis – Kanamori, Weise, 1994
4 | PolyJ: Parameterized types for Java. Software release, http://www.pmg.lcs.mit.edu/polyj – Liskov, Mathewson, et al., 1998