On Dynamic Flow-Sensitive Floating-Label Systems
Pablo Buiras, Deian Stefan, Alejandro Russo

TL;DR
This paper extends the LIO language-based floating-label system with flow-sensitive references, enabling safe label changes and automatic upgrades, including in concurrent settings, while maintaining non-interference guarantees.
Contribution
It introduces a safe, flow-sensitive reference mechanism with automatic upgrades in a dynamic IFC system, extending to concurrency and preserving security guarantees.
Findings
Safe label manipulation that considers both the reference label and the label on the reference label itself
Automatic upgrade mechanism reduces manual label management
Non-interference proven for both sequential and concurrent systems
Abstract
Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of the IFC monitor, by rejecting fewer runs of programs, and to reduce the burden of explicit label annotations. However, adding flow-sensitive constructs (e.g., references or files) to a dynamic IFC system is subtle and may also introduce high-bandwidth covert channels. In this work, we extend LIO---a language-based floating-label system---with flow-sensitive references. The key insight to safely manipulating the label of a reference is to not only consider the label on the data stored in the reference, i.e., the reference label, but also the label on the reference label itself. Taking this into consideration, we provide an upgrade primitive that can be…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Logic, programming, and type systems
