Giving Semantics to Program-Counter Labels via Secure Effects

TL;DR

This paper introduces a monadic semantics framework to give formal meaning to program-counter labels in effectful languages, improving security proofs and unifying security notions across effects.

Contribution

It provides a formal semantics for program-counter labels, a new proof technique for noninterference, and unifies security concepts for various effects.

Findings

Develops a monadic semantics framework for program-counter labels

Introduces a new proof technique for noninterference security

Unifies security notions across effects like state, exceptions, and nontermination

Abstract

Type systems designed for information-flow control commonly use a program-counter label to track the sensitivity of the context and rule out data leakage arising from effectful computation in a sensitive context. Currently, type-system designers reason about this label informally except in security proofs, where they use ad-hoc techniques. We develop a framework based on monadic semantics for effects to give semantics to program-counter labels. This framework leads to three results about program-counter labels. First, we develop a new proof technique for noninterference, the core security theorem for information-flow control in effectful languages. Second, we unify notions of security for different types of effects, including state, exceptions, and nontermination. Finally, we formalize the folklore that program-counter labels are a lower bound on effects. We show that, while not universally true, this folklore has a good semantic foundation.