Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

Jian Xiang, Stephen Chong

2021 IEEE Symposium on Security and Privacy (SP), pp. 18-35. Published 2021-05-01. DOI: 10.1109/SP40001.2021.00002 (https://doi.org/10.1109/SP40001.2021.00002)
Citations: 5

Abstract

Coarse-grained dynamic information-flow control (IFC) is a good match for imperative object-oriented programming languages such as Java. Java language abstractions align well with coarse-grained IFC concepts, and so Java can be cleanly extended with coarse-grained dynamic IFC without requiring significantly different design patterns or excessive security annotations, and without excessive performance overhead. We present Co-Inflow: an extension of Java with coarse-grained dynamic IFC. By careful design choices and defaults, a programmer typically needs to add very few annotations to a Java program to convert it to a Co-Inflow program with relatively good precision. Additional annotations can improve precision. We achieve this tradeoff between precision and annotation burden by instantiating and specializing recent advances in coarse-grained IFC for a Java-like setting, and by using opaque labeled values: a restriction of labeled values that the Co-Inflow runtime automatically and securely creates and uses. We have captured the essence of Co-Inflow in a middle-weight imperative calculus, and proven that it provides a termination-insensitive non-interference security guarantee. We have a prototype implementation of Co-Inflow and use it to evaluate the precision, usability, and potential performance of Co-Inflow.