Channels: Runtime System Infrastructure for Security-typed Languages

Abstract

Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The pro-grammar maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, JIF, that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, FLOWWALL that provably enforces its policy.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2008
Accession Number
ADA516570

Entities

People

  • Boniface Hicks
  • Patrick Drew McDaniel
  • Timothy Misiak

Organizations

  • Pennsylvania State University

Tags

Communities of Interest

  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Compilers
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Information Science
  • Infrastructure
  • Language
  • Operating Systems
  • Security
  • Security Protocols
  • Software Development
  • Standards

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computational Linguistics
  • Cybersecurity.
  • Distributed Systems and Data Platform Development