Calculational Design of Information Flow Monitors (extended version)
Mounir Assaf, David A. Naumann

TL;DR
This paper introduces a systematic, abstract interpretation-based method for designing correct, scalable, and precise information flow monitors that can handle complex policies, including downgrading, to improve security and privacy in web applications.
Contribution
It presents a novel, formalized approach for constructing sound information flow monitors using abstract interpretation, accommodating advanced policies like downgrading.
Findings
Provides a systematic technique for monitor design
Enables integration of various analysis techniques
Addresses scalability and precision challenges
Abstract
Fine-grained information flow monitoring can in principle address a wide range of security and privacy goals, for example in web applications. But it is very difficult to achieve sound monitoring with acceptable runtime cost and sufficient precision to avoid impractical restrictions on programs and policies. We present a systematic technique for the design of monitors that are correct by construction. It encompasses policies with downgrading. The technique is based on abstract interpretation, which is a standard basis for static analysis of programs. This should enable integration of a wide range of analysis techniques, enabling more sophisticated engineering of monitors to address the challenges of precision and scaling to widely used programming languages.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
