Affiliation:
1. Northeastern University, USA
Abstract
The dependency core calculus (DCC) is a framework for studying a variety of dependency analyses (e.g., secure information flow). The key property provided by DCC is noninterference, which guarantees that a low-level observer (attacker) cannot distinguish high-level (protected) computations. The proof of noninterference for DCC suggests a connection to parametricity in System F, which in turn suggests that it should be possible to implement dependency analyses in languages with parametric polymorphism. We present a translation from DCC into Fω and prove that the translation preserves noninterference. To express noninterference in Fω, we define a notion of observer-sensitive equivalence that makes essential use of both first-order and higher-order polymorphism. Our translation provides insights into DCC's type system and shows how DCC can be implemented in a polymorphic language without loss of the noninterference (security) guarantees available in DCC. Our contributions include proof techniques that should be valuable when proving other secure compilation or full abstraction results.
Funder
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
6 articles.
1. Monadic and comonadic aspects of dependency analysis;Proceedings of the ACM on Programming Languages;2022-10-31
2. Exorcising Spectres with Secure Compilers;Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security;2021-11-12
3. Fully Abstract and Robust Compilation;Programming Languages and Systems;2021
4. On the Versatility of Open Logical Relations;Programming Languages and Systems;2020
5. Type-Based Declassification for Free;Formal Methods and Software Engineering;2020