Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
169 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Cocoon: Static Information Flow Control in Rust (2311.00097v2)

Published 31 Oct 2023 in cs.PL

Abstract: Information flow control (IFC) provides confidentiality by enforcing noninterference, which ensures that high-secrecy values cannot affect low-secrecy values. Prior work introduces fine-grained IFC approaches that modify the programming language and use nonstandard compilation tools, impose run-time overhead, or report false secrecy leaks -- all of which hinder adoption. This paper presents Cocoon, a Rust library for static type-based IFC that uses the unmodified Rust language and compiler. The key insight of Cocoon lies in leveraging Rust's type system and procedural macros to establish an effect system that enforces noninterference. A performance evaluation shows that using Cocoon increases compile time but has no impact on application performance. To demonstrate Cocoon's utility, we retrofitted two popular Rust programs, the Spotify TUI client and Mozilla's Servo browser engine, to use Cocoon to enforce limited confidentiality policies.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (43)
  1. A Core Calculus of Dependency. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (San Antonio, Texas, USA) (POPL ’99). Association for Computing Machinery, New York, NY, USA, 147–160. https://doi.org/10.1145/292540.292555
  2. Viaduct: An Extensible, Optimizing Compiler for Secure Distributed Programs. In Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (Virtual, Canada) (PLDI 2021). Association for Computing Machinery, New York, NY, USA, 740–755. https://doi.org/10.1145/3453483.3454074
  3. Termination-Insensitive Noninterference Leaks More Than Just a Bit. In Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security (Málaga, Spain) (ESORICS ’08). Springer-Verlag, Berlin, Heidelberg, 333–348. https://doi.org/10.1007/978-3-540-88313-5_22
  4. Thomas H. Austin and Cormac Flanagan. 2009. Efficient Purely-Dynamic Information Flow Analysis. In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security (Dublin, Ireland) (PLAS ’09). Association for Computing Machinery, New York, NY, USA, 113–124. https://doi.org/10.1145/1554339.1554353
  5. System Programming in Rust: Beyond Safety. SIGOPS Oper. Syst. Rev. 51, 1 (sep 2017), 94–99. https://doi.org/10.1145/3139645.3139660
  6. Edwin Brady. 2007. Idris. Archived from http://www-fp.cs.st-and.ac.uk/ eb/darcs/Idris/.
  7. Roderick Chapman and Adrian Hilton. 2004. Enforcing Security and Safety Models with an Information Flow Analysis Tool. In Proceedings of the 2004 Annual ACM SIGAda International Conference on Ada: The Engineering of Correct and Reliable Software for Real-Time & Distributed Systems Using Ada and Related Technologies (Atlanta, Georgia, USA) (SIGAda ’04). Association for Computing Machinery, New York, NY, USA, 39–46. https://doi.org/10.1145/1032297.1032305
  8. Stephen Nathaniel Chong. 2008. Expressive and Enforceable Information Security Policies. Ph. D. Dissertation. Cornell University. "http://people.seas.harvard.edu/~chong/pubs/chong_dissertation.pdf"
  9. Modular Information Flow through Ownership. In Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation (San Diego, CA, USA) (PLDI 2022). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3519939.3523445
  10. Debian benchmarksgame-team. 2022. The Computer Language 22.05 Benchmarks Game. https://benchmarksgame-team.pages.debian.net/benchmarksgame/index.html. Accessed 2 November 2022.
  11. Dorothy E. Denning. 1976. A Lattice Model of Secure Information Flow. Commun. ACM 19, 5 (may 1976), 236–243. https://doi.org/10.1145/360051.360056
  12. Dorothy E. Denning and Peter J. Denning. 1977. Certification of Programs for Secure Information Flow. Commun. ACM 20, 7 (jul 1977), 504–513. https://doi.org/10.1145/359636.359712
  13. A Dependently Typed Library for Static Information-Flow Control in Idris. In Principles of Security and Trust, Flemming Nielson and David Sands (Eds.). Springer International Publishing, Prague, Czech Republic, 51–75. https://doi.org/10.1007/978-3-030-17138-4_3
  14. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In Proceedings IEEE International Symposium on Secure Software Engineering. IEEE, Arlington, Virginia, USA, 10 pages.
  15. Daniel Hedin and Andrei Sabelfeld. 2012. A Perspective on Information-Flow Control. In Software Safety and Security - Tools for Analysis and Verification, Tobias Nipkow, Orna Grumberg, and Benedikt Hauptmann (Eds.). NATO Science for Peace and Security Series - D: Information and Communication Security, Vol. 33. IOS Press, Amsterdam, 319–347. https://doi.org/10.3233/978-1-61499-028-4-319
  16. JRIF: reactive information flow control for Java. Technical Report 1813–41194. Cornell University Computing and Information Science. https://ecommons.cornell.edu/handle/1813/41194
  17. Information Flow Control for Standard OS Abstractions. In Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles (Stevenson, Washington, USA) (SOSP ’07). Association for Computing Machinery, New York, NY, USA, 321–334. https://doi.org/10.1145/1294261.1294293
  18. Cocoon artifact. https://doi.org/10.5281/zenodo.10798978
  19. Butler W. Lampson. 1973. A Note on the Confinement Problem. Commun. ACM 16, 10 (oct 1973), 613–615. https://doi.org/10.1145/362375.362389
  20. Linux Foundation. 2022. Servo. https://servo.org
  21. Mozilla Research. 2020. The Rust Language. Archived from https://research.mozilla.org/rust/.
  22. Enforcing robust declassification. In Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004. (Pacific Grove, CA, USA). IEEE, New York City, NY, USA, 172–186. https://doi.org/10.1109/CSFW.2004.1310740
  23. Andrew C. Myers. 1999. JFlow: Practical Mostly-Static Information Flow Control. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (San Antonio, Texas, USA) (POPL ’99). Association for Computing Machinery, New York, NY, USA, 228–241. https://doi.org/10.1145/292540.292561
  24. Andrew C. Myers and Barbara Liskov. 1997. A Decentralized Model for Information Flow Control. In Proceedings of the Sixteenth ACM Symposium on Operating Systems Principles (Saint Malo, France) (SOSP ’97). Association for Computing Machinery, New York, NY, USA, 129–142. https://doi.org/10.1145/268998.266669
  25. Jif 3.0: Java information flow. http://www.cs.cornell.edu/jif
  26. Retrofitting Fine Grain Isolation in the Firefox Renderer. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC’20). USENIX Association, USA, Article 40, 18 pages.
  27. Flemming Nielson and Hanne Riis Nielson. 1999. Type and Effect Systems. Springer Berlin Heidelberg, Berlin, Heidelberg, 114–136. https://doi.org/10.1007/3-540-48092-7_6
  28. Noel. 2010. The Rust Language. http://lambda-the-ultimate.org/node/4009.
  29. Leo J. Rotenberg. 1973. Making Computers Keep Secrets. Ph. D. Dissertation. Massachusetts Institute of Technology, Boston, MA.
  30. Laminar: practical fine-grained decentralized information flow control. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009, Michael Hind and Amer Diwan (Eds.). ACM, Dublin, Ireland, 63–74. https://doi.org/10.1145/1542476.1542484
  31. Alejandro Russo. 2015. Functional Pearl: Two Can Keep a Secret, If One of Them Uses Haskell. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (Vancouver, BC, Canada) (ICFP 2015). Association for Computing Machinery, New York, NY, USA, 280–288. https://doi.org/10.1145/2784731.2784756
  32. A. Sabelfeld and A.C. Myers. 2003. Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21, 1 (2003), 5–19. https://doi.org/10.1109/JSAC.2002.806121
  33. Vincent Simonet. 2003. The Flow Caml System: documentation and user’s manual. Technical Report 0282. Institut National de Recherche en Informatique et en Automatique (INRIA). ©INRIA.
  34. Geoffrey Smith and Dennis Volpano. 1998. Secure Information Flow in a Multi-Threaded Imperative Language. In Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (San Diego, California, USA) (POPL ’98). Association for Computing Machinery, New York, NY, USA, 355–364. https://doi.org/10.1145/268946.268975
  35. Stack Overflow. 2022. Annual Developer Survey. https://survey.stackoverflow.co/2022/.
  36. A Type System for Safe Intermittent Computing. Proc. ACM Program. Lang. 7, PLDI, Article 136 (jun 2023), 25 pages. https://doi.org/10.1145/3591250
  37. The Rust Foundation. 2022. Prodution Users — Rust Programming Language. https://www.rust-lang.org/production/users
  38. A Sound Type System for Secure Flow Analysis. J. Comput. Secur. 4, 2–3 (jan 1996), 167–187.
  39. Jian Xiang and Stephen Chong. 2021. Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 18–35. https://doi.org/10.1109/SP40001.2021.00002
  40. SAILS: Static Analysis of Information Leakage with Sample. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (Trento, Italy) (SAC ’12). Association for Computing Machinery, New York, NY, USA, 1308–1313. https://doi.org/10.1145/2245276.2231983
  41. Steve Zdancewic and Andrew C. Myers. 2000. Confidentiality and Integrity with Untrusted Hosts: Technical Report. technical report. Cornell University.
  42. Securing Distributed Systems with Information Flow Control. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (San Francisco, California) (NSDI’08). USENIX Association, USA, 293–308.
  43. Lantian Zheng and Andrew C. Myers. 2005. Dynamic Security Labels and Noninterference (Extended Abstract). In Formal Aspects in Security and Trust, Theo Dimitrakos and Fabio Martinelli (Eds.). Springer US, Boston, MA, 27–40.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now