TY - GEN
T1 - Efficient type inference for secure information flow
AU - Hristova, Katia
AU - Rothamel, Tom
AU - Liu, Yanhong A.
AU - Stoller, Scott D.
PY - 2006
Y1 - 2006
N2 - This paper describes the design, analysis, and implementation of an efficient algorithm for information flow analysis expressed using a type system. Given a program and an environment of security classes for information accessed by the program, the algorithm checks whether the program is well typed, i.e., there is no information of higher security classes flowing into places of lower security classes according to a lattice of security classes, by inferring the highest or lowest security class as appropriate for each program node. We express the analysis as a set of Datalog-like rules based on the typing and subtyping rules, and we use a systematic method to generate specialized algorithms and data structures directly from the Datalog-like rules. The generated implementation traverses the program multiple times and uses a combination of linked and indexed data structures to represent program nodes, environments, and types. The time complexity of the algorithm is linear in the size of the input program, times the height of the lattice of security classes, plus a small overhead for preprocessing the security classes. This complexity is confirmed through our prototype implementation and experimental evaluation on code generated from high-level specifications for real systems.
AB - This paper describes the design, analysis, and implementation of an efficient algorithm for information flow analysis expressed using a type system. Given a program and an environment of security classes for information accessed by the program, the algorithm checks whether the program is well typed, i.e., there is no information of higher security classes flowing into places of lower security classes according to a lattice of security classes, by inferring the highest or lowest security class as appropriate for each program node. We express the analysis as a set of Datalog-like rules based on the typing and subtyping rules, and we use a systematic method to generate specialized algorithms and data structures directly from the Datalog-like rules. The generated implementation traverses the program multiple times and uses a combination of linked and indexed data structures to represent program nodes, environments, and types. The time complexity of the algorithm is linear in the size of the input program, times the height of the lattice of security classes, plus a small overhead for preprocessing the security classes. This complexity is confirmed through our prototype implementation and experimental evaluation on code generated from high-level specifications for real systems.
KW - Algorithm
KW - Information flow
KW - Security
KW - Time complexity
KW - Type inference
UR - https://www.scopus.com/pages/publications/33745935568
U2 - 10.1145/1134744.1134759
DO - 10.1145/1134744.1134759
M3 - Conference contribution
SN - 1595933743
SN - 9781595933744
T3 - PLAS 2006 - Proceedings of the 2006 Programming Languages and Analysis for Security Workshop
SP - 85
EP - 94
BT - PLAS 2006 - Proceedings of the 2006 Programming Languages and Analysis for Security Workshop
PB - Association for Computing Machinery
T2 - PLAS 2006 - 2006 Programming Languages and Analysis for Security Workshop
Y2 - 10 June 2006 through 10 June 2006
ER -