Static Information Flow Control Made Simpler
Hemant Gouni, Jonathan Aldrich

TL;DR
This paper introduces a simplified static information flow control system that directly reasons about programmer data, unifies confidentiality and integrity, and demonstrates its effectiveness through case studies in Rust-based web frameworks.
Contribution
It presents a novel IFC system that simplifies reasoning by directly handling programmer data and unifies confidentiality and integrity concepts.
Findings
Successfully applied to TLS key management in Rocket and Conduit.
Simplifies security reasoning compared to traditional lattice-based IFC.
Demonstrates practical effectiveness in real-world Rust applications.
Abstract
Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the wide applicability of IFC as a mechanism for guaranteeing confidentiality and integrity -- the fundamental properties on which computer security relies -- existing IFC systems have seen little use, requiring users to reason about complicated mechanisms such as lattices of security labels and dual notions of confidentiality and integrity within these lattices. We propose a system that diverges significantly from previous work on information flow control, opting to reason directly about the data that programmers already work with. In doing so, we naturally and seamlessly combine the classically separate notions of confidentiality and integrity into one…
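The contrast the abstract draws, as an added Rust illustration that is not the paper's system (the paper's own annotations and checker are not reproduced here): a classic two-component security label, where the confidentiality and integrity orderings point in opposite directions and must both be tracked, next to a data-centric wrapper type that protects one named piece of data by making every flow out of it an explicitly declared function, so the compiler rejects any other use. The `keyguard` module, the `Restricted` wrapper, the `sign` and `fingerprint` release points, the toy FNV-1a "signature" and the sample key bytes are all assumptions made for this example.

```rust
// Added illustration, not the paper's code: a lattice-style label first, then a
// data-centric wrapper, both applied to a server's private key.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Conf {
    Public,
    Secret,
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Integ {
    Trusted,
    Tainted,
}

/// Classic two-component security label: one component per property.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Label {
    pub conf: Conf,
    pub integ: Integ,
}

impl Label {
    /// A value labelled `self` may flow to a location labelled `dst` only if the
    /// destination is at least as secret AND at most as trusted. The two
    /// components are ordered in opposite directions (Public -> Secret is fine,
    /// Tainted -> Trusted is not); this is the dual reasoning the abstract means.
    pub fn flows_to(self, dst: Label) -> bool {
        let leaks = self.conf == Conf::Secret && dst.conf == Conf::Public;
        let corrupts = self.integ == Integ::Tainted && dst.integ == Integ::Trusted;
        !leaks && !corrupts
    }

    /// Label of a value computed from two inputs: as secret as the more secret
    /// input and as trusted as the less trusted one (the lattice join).
    pub fn join(self, other: Label) -> Label {
        let secret = self.conf == Conf::Secret || other.conf == Conf::Secret;
        let tainted = self.integ == Integ::Tainted || other.integ == Integ::Tainted;
        Label {
            conf: if secret { Conf::Secret } else { Conf::Public },
            integ: if tainted { Integ::Tainted } else { Integ::Trusted },
        }
    }
}

/// Data-centric alternative (hypothetical module): the wrapper names the data
/// that is protected instead of placing it in a lattice. Its field is private,
/// so outside this module the only flows out of `Restricted` are the release
/// functions declared here, and that is checked by the compiler, not at runtime.
mod keyguard {
    pub struct Restricted<T> {
        inner: T,
    }

    impl<T> Restricted<T> {
        /// Only a trusted source (e.g. the key-file loader) may construct one.
        pub fn from_trusted_source(inner: T) -> Self {
            Restricted { inner }
        }
    }

    pub type PrivateKey = Vec<u8>;

    /// Declared release point 1: the key signs, but only the signature leaves.
    /// Toy "signature": 64-bit FNV-1a over key || message, standing in for a
    /// real signing routine; it is not cryptographically meaningful.
    pub fn sign(key: &Restricted<PrivateKey>, message: &[u8]) -> u64 {
        let mut h: u64 = 0xcbf29ce484222325;
        for b in key.inner.iter().chain(message.iter()) {
            h ^= u64::from(*b);
            h = h.wrapping_mul(0x100000001b3);
        }
        h
    }

    /// Declared release point 2: a fixed-width fingerprint for logs, never the key.
    pub fn fingerprint(key: &Restricted<PrivateKey>) -> String {
        format!("{:016x}", sign(key, b"fingerprint"))
    }
}

use keyguard::{fingerprint, sign, PrivateKey, Restricted};

/// Unrestricted sink, e.g. the request logger: it accepts plain data only.
pub fn log_line(line: &str) -> String {
    format!("[log] {}", line)
}

/// Serve one request with the key and log only what is safe to log.
pub fn handle_request(key: &Restricted<PrivateKey>, request: &[u8]) -> String {
    let sig = sign(key, request);
    // log_line(&format!("{:?}", key.inner)); // rejected by the compiler: `inner` is private
    log_line(&format!("key {} signed request, sig {:016x}", fingerprint(key), sig))
}

fn main() {
    // Constructed sample bytes, not a real key.
    let key = Restricted::from_trusted_source(vec![0x11, 0x22, 0x33, 0x44]);
    println!("{}", handle_request(&key, b"GET /"));
}
```

The lattice half needs the programmer to remember that `join` raises confidentiality but lowers integrity, and `flows_to` checks the two in opposite directions; the wrapper half needs only the question "which functions are allowed to take the key apart?", which is the kind of data-centric reasoning the abstract argues for. Uncommenting the rejected line in `handle_request` is the quickest way to see the check happen at compile time.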
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Advanced Malware Detection Techniques
