Secure Information Flow in a Multi-threaded Imperative Language

Abstract

Previously, we developed a type system to ensure secure information flow in a sequential, imperative programming language [VS196]. Program variables are classified as either high or low security; intuitively, we wish to prevent information from flowing from high variables to low variables. Here, we extend the analysis to deal with a multithreaded language. We show that the previous type system is insufficient to ensure a desirable security property called noninterference. Nonininterference basically means that the final values of low variables are independent of the initial values of high variables. By modifying the sequential type system, we are able to guarantee noninterference for concurrent programs. Crucial to this result, however, is the use of purely nondeterministic thread scheduling. Since implementing such scheduling is problematic, we also show how a more restrictive type system can guarantee noninterference, given a more deterministic (and easily implementable) scheduling policy, such as round-robin time slicing. Finally, we consider the consequences of adding a clock to the language.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 1998
Accession Number
ADA484468

Entities

People

  • Dennis Volpano
  • Geoffrey B. Smith

Organizations

  • Florida International University

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Electronic Commerce
  • Guarantees
  • Language
  • Multithreading
  • Operating Systems
  • Probability
  • Probability Distributions
  • Procedural Programming Language
  • Programming Languages
  • Scheduling (Production)
  • Security
  • Security Protocols

Fields of Study

  • Computer science

Readers

  • Mathematical Modeling and Probability Theory.
  • Parallel and Distributed Computing.