Subtitle Channels : Runtime System Infrastructure for Security - Typed Languages

OMB No . 0704 - 0188

Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the i...

Trusted Declassification: Policy Infrastructure for a Security-Typed Language

Security-typed languages are a powerful tools for developing verifiably secure software applications. Programs written in these languages enforce a strong, global policy of noninterference which ensures that high-security data will not be observable on low-security channels. Because noninterference is typically too strong a property, most programs use some form of declassification to selectivel...

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages

Efficient virtual machine support of runtime structural reflection

Increasing trends towards adaptive, distributed, generative and pervasive software have made object-oriented dynamically typed languages become increasingly popular. These languages offer dynamic software evolution by means of reflection, facilitating the development of dynamic systems. Unfortunately, this dynamism commonly imposes a runtime performance penalty. In this paper, we describe how t...

Information Flow Analysis for a Dynamically Typed Functional Language with Staged Metaprogramming

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly dynamic nature of the language, particularly its support for runtime code generation. As a first step towards dealing with this, we propose to investigate securit...