MAC, A Verified Information-Flow Control Library
Licentiatavhandling, 2017

Information Flow Control (IFC) is a language-based security mechanism that tracks where data flows within a program and prevents leakage of sensitive data. IFC has been embedded in pure functional languages such as Haskell, in the form of a library, thus reducing the implementation and maintenance effort and fostering a secure-by-construction programming-model. MAC is a state-of- the-art IFC Haskell library that detects leaks statically and that supports many advanced programming features, such as exceptions, mutable references and concurrency. While MAC is an elegant functional pearl and is implemented concisely in less than 200 lines of code, it does not provide any formal security guarantee. This thesis presents the first full-fledged verified formal model of MAC, which guarantees that any program written against the library’s API satisfies non-interference by construction. In particular, the contributions of this work improve MAC in three areas: formal verification techniques, expressivity and protection against covert channels. Firstly, the thesis enriches term erasure with two-steps erasure, a novel flexible technique, which has been used to reason systematically about the security implications of advanced programming features and that greatly simplifies the non-interference proof. Secondly, this work gives a functor algebraic structure to labeled values, an abstract data type which protects values with explicit labels, thus enabling flexible manipulation of labeled data through classic functional programming patterns. Thirdly, the thesis closes the sharing-based internal-timing covert channel, which exploits the sharing feature of lazy evaluation to leak data, by affecting the timing behavior of threads racing to gain access to some shared resource. We design an unsharing primitive that disables sharing by lazily duplicating thunks and we apply it to restrict sharing, when needed for security reasons. All the results presented in this thesis have been corroborated with extensive mechanized proofs, developed in the Agda proof assistant.

Haskell

NonInterference

Agda

Functional Programming

Information-Flow Control

Lecture hall EC, EDIT building, Johanneberg Campus, Rännvägen 6B
Opponent: Prof. David Pichardie, Department of Computer Science, ENS Rennes, France

Författare

Marco Vassena

Informationssäkerhet

Flexible manipulation of labeled values for information-flow control libraries

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 9878 LNCS, 2016(2016)p. 538-557

Paper i proceeding

On formalizing information-flow control libraries

11th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, PLAS 2016, Vienna, Austria, 24 October 2016,; (2016)p. 15-28

Paper i proceeding

Securing Concurrent Lazy Programs Against Information Leakage

Proceedings - IEEE Computer Security Foundations Symposium,; (2017)p. 37-52

Paper i proceeding

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Datavetenskap (datalogi)

Utgivare

Chalmers

Lecture hall EC, EDIT building, Johanneberg Campus, Rännvägen 6B

Opponent: Prof. David Pichardie, Department of Computer Science, ENS Rennes, France

Mer information

Skapat

2017-05-09