Channels: Runtime system infrastructure for security-typed languages

Boniface Hicks, Timothy Misiak, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, Jif, that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, FLOWWALL, that provably enforces its policy.

Original languageEnglish (US)
Title of host publicationProceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Pages443-452
Number of pages10
DOIs
Publication statusPublished - Dec 1 2007
Event23rd Annual Computer Security Applications Conference, ACSAC 2007 - Miami Beach, FL, United States
Duration: Dec 10 2007Dec 14 2007

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Other

Other23rd Annual Computer Security Applications Conference, ACSAC 2007
CountryUnited States
CityMiami Beach, FL
Period12/10/0712/14/07

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Software
  • Engineering(all)

Cite this

Hicks, B., Misiak, T., & McDaniel, P. (2007). Channels: Runtime system infrastructure for security-typed languages. In Proceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007 (pp. 443-452). [4413010] (Proceedings - Annual Computer Security Applications Conference, ACSAC). https://doi.org/10.1109/ACSAC.2007.35