Agda Formalization of a Security-preserving Translation from Flow-sensitive to Flow-insensitive Security Types

Detailed bibliography
Published in: Electronic Notes in Theoretical Computer Science, Volume 351, pp. 75-94
Main authors: Manzino, Cecilia; Pardo, Alberto
Format: Journal Article
Language: English
Published: Elsevier B.V., 15 September 2020
Subjects: information flow type systems; type safety; non-interference; Agda; dependently-typed programming
ISSN: 1571-0661

Abstract: The analysis of information flow is a popular technique for ensuring the confidentiality of data. In this context, confidentiality policies give guarantees that private data cannot be inferred by inspecting public data. One such policy is non-interference, a semantic condition that ensures the absence of illicit information flow during program execution by requiring that two computations differing only in their confidential inputs produce indistinguishable results. A remarkable feature of non-interference is that it can be enforced statically by means of information flow type systems: if a program type-checks in such a system, it meets the security policy. In this paper we focus on the preservation of non-interference through program translation. Concretely, we formalize the proof of security preservation of Hunt and Sands' translation, which transforms high-level While programs typable in a flow-sensitive type system into equivalent high-level programs typable in a flow-insensitive type system. Our formalization is performed in the dependently-typed language Agda. We use the expressive power of Agda's type system to encode the security type systems at the type level. A particular aspect of our formalization is that it follows a fully internalist approach, in which we decorate the type of the abstract syntax with security type information in order to obtain a representation of well-typed (i.e. secure) programs. A benefit of this approach is that it allows us to express the property of security preservation directly in the type of the translation relation. In this manner, apart from expressing the transformation of programs, the translation relation also stands for an inductive proof of security preservation.
Authors:
Cecilia Manzino (ceciliam@fceia.unr.edu.ar), Departamento de Ciencias de la Computación, Universidad Nacional de Rosario, Argentina
Alberto Pardo (pardo@fing.edu.uy), Instituto de Computación, Universidad de la República, Montevideo, Uruguay
ContentType Journal Article
Copyright 2020 The Author(s)
DOI 10.1016/j.entcs.2020.08.005
EISSN 1571-0661
EndPage 94
ISICitedReferencesCount 2
ISSN 1571-0661
Keywords information flow type systems
type safety
non-interference
Agda
dependently-typed programming
Language English
License This is an open access article under the CC BY-NC-ND license.
OpenAccessLink https://dx.doi.org/10.1016/j.entcs.2020.08.005
PageCount 20
PublicationDate 2020-09-15
PublicationTitle Electronic notes in theoretical computer science
PublicationYear 2020
Publisher Elsevier B.V
StartPage 75
Volume 351