Typed-based Relaxed Noninterference for Free

05/02/2019
by Minh Ngô, et al.

Despite the clear need for specifying and enforcing information flow policies, existing tools and theories either fall short of practical languages, fail to encompass the declassification needed for practical requirements, or fail to provide provable guarantees. In this paper we make progress on provable guarantees encompassing declassification by leveraging type abstraction. We translate information flow policies, with declassification, into an interface against which an unmodified standard typechecker can be applied to a source program: if the program typechecks, it provably satisfies the policy. Our proof reduces security to the mathematical foundation of data abstraction, Reynolds' abstraction theorem. By proving this result for a large fragment of pure ML, we give evidence for the potential to build sound security tools using off-the-shelf language tools and their theories.
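As an added illustration (not code from the paper, which works in pure ML), the following Rust analogue shows the shape of the idea: the policy is an interface over a secret whose type is kept abstract, the client program is checked by the ordinary compiler against that interface, and a small check exercises the resulting relaxed-noninterference property. The `Policy` struct, the `Salary` secret and the two declassifiers are constructed here for the example; Rust's unbounded type parameters stand in for ML's abstract types.

```rust
// Illustrative analogue of "policy as interface": the secret's type is an
// unconstrained type parameter, so the only thing `program` can do with it is
// pass it to the declassifiers the policy interface provides. The ordinary
// Rust type check of `program` enforces this; no security tool is involved.

/// Policy interface (constructed): the declassifications a program may perform
/// on a secret salary. Anything not listed here is not observable by `program`.
struct Policy<S> {
    /// Declassify whether the salary is above the tax threshold.
    above_threshold: fn(&S) -> bool,
    /// Declassify the salary rounded down to the nearest 10,000.
    bracket: fn(&S) -> u32,
}

/// The client program is type-checked against `Policy<S>` for an *arbitrary* S.
/// Because `S` has no trait bounds, the body cannot compare, print or
/// destructure the secret; it can only call the declassifiers.
fn program<S>(secret: &S, policy: &Policy<S>) -> String {
    let flag = (policy.above_threshold)(secret);
    let bracket = (policy.bracket)(secret);
    format!("taxable={} bracket={}", flag, bracket)
}

/// Constructed secret type and the concrete policy a deployment would install.
struct Salary(u32);

fn salary_policy() -> Policy<Salary> {
    Policy {
        above_threshold: |s| s.0 > 50_000,
        bracket: |s| s.0 / 10_000 * 10_000,
    }
}

/// Relaxed noninterference check: two secrets that agree on every declassified
/// view must produce identical program output. Returns true when they do.
fn indistinguishable_outputs(a: u32, b: u32) -> bool {
    let p = salary_policy();
    program(&Salary(a), &p) == program(&Salary(b), &p)
}

fn main() {
    println!("{}", program(&Salary(67_321), &salary_policy()));
    // Same declassified view (above threshold, bracket 60000): outputs agree.
    println!("{}", indistinguishable_outputs(67_321, 69_999));
}
```

Replacing `fn program<S>` with a version over the concrete `Salary` type would let the body read `secret.0` directly, which is exactly the flow the abstract-type interface rules out at type-check time.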
