Agda Formalization of a Security-preserving Translation from Flow-sensitive to Flow-insensitive Security Types
Saved in:
| Published in: | Electronic notes in theoretical computer science Vol. 351; pp. 75 - 94 |
|---|---|
| Main authors: | Manzino, Cecilia; Pardo, Alberto |
| Format: | Journal Article |
| Language: | English |
| Published: | Elsevier B.V, 15.09.2020 |
| Subject terms: | information flow type systems; type safety; non-interference; Agda; dependently-typed programming |
| ISSN: | 1571-0661 |
| Online access: | Full text |
| Abstract | The analysis of information flow is a popular technique for ensuring the confidentiality of data. It is in this context that confidentiality policies arise for giving guarantees that private data cannot be inferred by the inspection of public data. One of those policies is non-interference, a semantic condition that ensures the absence of illicit information flow during program execution by requiring that two computations which differ only in their confidential inputs produce indistinguishable results. A remarkable feature of non-interference is that it can be enforced statically by the definition of information flow type systems. In those type systems, if a program type-checks, then it meets the security policy.
In this paper we focus on the preservation of non-interference through program translation. Concretely, we formalize the proof of security preservation of Hunt and Sands' translation, which transforms high-level While programs typable in a flow-sensitive type system into equivalent high-level programs typable in a flow-insensitive type system. Our formalization is performed in the dependently-typed language Agda. We use the expressive power of Agda's type system to encode the security type systems at the type level. A particular aspect of our formalization is that it follows a fully internalist approach, where we decorate the type of the abstract syntax with security type information in order to obtain a representation of well-typed (i.e. secure) programs. A benefit of this approach is that it allows us to directly express the property of security preservation in the type of the translation relation. In this manner, apart from inherently expressing the transformation of programs, the translation relation also stands for an inductive proof of security preservation. |
|---|---|
| Author | Manzino, Cecilia (ceciliam@fceia.unr.edu.ar; Departamento de Ciencias de la Computación, Universidad Nacional de Rosario, Argentina); Pardo, Alberto (pardo@fing.edu.uy; Instituto de Computación, Universidad de la República, Montevideo, Uruguay) |
| CitedBy_id | crossref_primary_10_1016_j_scico_2025_103351 |
| Cites_doi | 10.1145/1111320.1111045 10.1109/JSAC.2002.806121 10.1145/360051.360056 10.1145/1052883.1052897 |
| ContentType | Journal Article |
| Copyright | 2020 The Author(s) |
| DOI | 10.1016/j.entcs.2020.08.005 |
| DatabaseName | ScienceDirect Open Access Titles Elsevier:ScienceDirect:Open Access CrossRef |
| DatabaseTitle | CrossRef |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1571-0661 |
| EndPage | 94 |
| ExternalDocumentID | 10_1016_j_entcs_2020_08_005 S1571066120300414 |
| ISICitedReferencesCount | 2 |
| ISSN | 1571-0661 |
| IngestDate | Sat Nov 29 07:04:27 EST 2025 Tue Nov 18 21:52:05 EST 2025 Fri Feb 23 02:47:47 EST 2024 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Keywords | information flow type systems type safety non-interference Agda dependently-typed programming |
| Language | English |
| License | This is an open access article under the CC BY-NC-ND license. |
| LinkModel | OpenURL |
| OpenAccessLink | https://dx.doi.org/10.1016/j.entcs.2020.08.005 |
| PageCount | 20 |
| PublicationCentury | 2000 |
| PublicationDate | 2020-09-15 |
| PublicationDateYYYYMMDD | 2020-09-15 |
| PublicationDate_xml | – month: 09 year: 2020 text: 2020-09-15 day: 15 |
| PublicationDecade | 2020 |
| PublicationTitle | Electronic notes in theoretical computer science |
| PublicationYear | 2020 |
| Publisher | Elsevier B.V |
| References | Bove, Dybjer. Dependent types at work. Language Engineering and Rigorous Software Development, International LerNet ALFA Summer School 2008, vol. 5520, pp. 57-99, 2008.
Denning. A lattice model of secure information flow. Commun. ACM 19, pp. 236-243, 1976. doi: 10.1145/360051.360056
Goguen, Meseguer. Security policies and security models. Symposium on Security and Privacy, pp. 11-20, 1982.
Hunt, Sands. On flow-sensitive security types. SIGPLAN Not. 41, pp. 79-90, 2006. doi: 10.1145/1111320.1111045
Hunt, Sands. From exponential to polynomial-time security typing via principal types. Programming Languages and Systems, 20th European Symposium on Programming, pp. 297-316, 2011.
Manzino. Security preserving program translations. 2018.
Manzino, Pardo. A Security Types Preserving Compiler in Haskell. Proceedings of the 18th Brazilian Symposium on Programming Languages, vol. 8771, pp. 16-30, 2014.
Nipkow, Klein. Concrete Semantics: With Isabelle/HOL. 2014.
Norell. Dependently typed programming in Agda. 4th International Workshop on Types in Language Design and Implementation, pp. 1-2, 2009.
Pardo, Gunther, Pagano, Viera. An internalist approach to correct-by-construction compilers. Proceedings of the 20th International Symposium on Principles and Practice of Declarative Programming, pp. 17:1-17:12, 2018.
Pasalic, Linger. Meta-programming with typed object-language representations. Generative Programming and Component Engineering: Third International Conference, pp. 136-167, 2004.
Poulsen, Rouvoet, Tolmach, Krebbers, Visser. Intrinsically-typed definitional interpreters for imperative languages. Proc. ACM Program. Lang. 2, pp. 16:1-16:34, 2018.
Russo, Sabelfeld. Dynamic vs. static flow-sensitive security analysis. Proceedings of the 23rd IEEE Computer Security Foundations Symposium, pp. 186-199, 2010.
Sabelfeld, Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications 21, pp. 5-19, 2003. doi: 10.1109/JSAC.2002.806121
Sheard. Languages of the future. SIGPLAN Not. 39, pp. 119-132, 2004. doi: 10.1145/1052883.1052897
Volpano, Smith. A type-based approach to program security. Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development, pp. 607-621, 1997. |
| SourceID | crossref elsevier |
| SourceType | Enrichment Source Index Database Publisher |
| StartPage | 75 |
| SubjectTerms | Agda dependently-typed programming information flow type systems non-interference type safety |
| Title | Agda Formalization of a Security-preserving Translation from Flow-sensitive to Flow-insensitive Security Types |
| URI | https://dx.doi.org/10.1016/j.entcs.2020.08.005 |
| Volume | 351 |
| hasFullText | 1 |
| inHoldings | 1 |
| linkProvider | ISSN International Centre |