Core concept
The authors present a new gradual security-typed language, 𝜆★IFC, that satisfies both noninterference and the gradual guarantee without making any sacrifices, by removing the unknown security label ★ from the runtime security labels.
Summary
The paper discusses the design and formal analysis of 𝜆★IFC, a gradual security-typed language that achieves both information-flow security and the gradual guarantee.
Key highlights:
The tension between security and the gradual guarantee arises from the inclusion of the unknown security label ★ in the runtime security labels, as in the prior language GSLRef.
𝜆★IFC removes ★ from the runtime security labels, while allowing it in type annotations to support gradual typing. This design choice is sufficient to reclaim the gradual guarantee without sacrificing type-guided classification or no-sensitive-upgrade (NSU) checking.
The semantics of 𝜆★IFC is defined by translation to a new security cast calculus 𝜆𝑐IFC, which uses coercion calculi to model runtime security monitoring.
The authors prove the gradual guarantee and noninterference for 𝜆★IFC, with the proofs mechanized in the Agda proof assistant.
𝜆★IFC is the first gradual security-typed language design that satisfies both noninterference and the gradual guarantee without making any compromises.
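To make the two design points above concrete (★ allowed in annotations but never on a runtime value, and NSU checking over concrete runtime labels), here is a small Python monitor written for this summary. It is an added illustration, not the paper's calculus or its Agda mechanization. It assumes a two-point lattice L < H, a cast rule in which an unknown annotation simply keeps the value's concrete label, and the NSU rule "a write to a cell is allowed only if pc ⊔ label(value) flows to the cell's label"; the programs it runs are constructed for the demonstration.

```python
"""Toy information-flow monitor: concrete runtime labels, star only in annotations.

Constructed example for this summary, not the paper's calculus. Assumes a
two-point lattice L < H and the NSU rule: a write to a cell is allowed only
if pc JOIN label(value) flows to the cell's label.
"""
from dataclasses import dataclass
from typing import Any, Callable

LOW, HIGH = "L", "H"      # the only labels a runtime value or cell may carry
UNKNOWN = "*"             # gradual label: permitted in annotations only
_RANK = {LOW: 0, HIGH: 1}


def join(a: str, b: str) -> str:
    """Least upper bound in the two-point lattice."""
    return a if _RANK[a] >= _RANK[b] else b


def flows_to(a: str, b: str) -> bool:
    return _RANK[a] <= _RANK[b]


class NSUViolation(Exception):
    """A write would upgrade a cell under a more secret control context."""


class CastError(Exception):
    """A value's concrete label does not fit a concrete annotation."""


@dataclass
class Labeled:
    value: Any
    label: str            # always LOW or HIGH at runtime, never UNKNOWN


@dataclass
class Ref:
    value: Any
    label: str            # label of the cell, fixed at allocation


def cast(v: Labeled, annotation: str) -> Labeled:
    """Check a runtime value against a possibly-unknown annotation (assumed rule).

    UNKNOWN accepts anything and keeps the concrete runtime label, so star
    never reaches the runtime; a concrete annotation requires the runtime
    label to flow to it and coarsens the value to that label.
    """
    if annotation == UNKNOWN:
        return v
    if not flows_to(v.label, annotation):
        raise CastError(f"label {v.label} does not flow to {annotation}")
    return Labeled(v.value, annotation)


def cast_succeeds(v: Labeled, annotation: str) -> bool:
    try:
        cast(v, annotation)
    except CastError:
        return False
    return True


class Monitor:
    def __init__(self) -> None:
        self.pc = LOW     # label of the current control context

    def read(self, ref: Ref) -> Labeled:
        return Labeled(ref.value, join(ref.label, self.pc))

    def write(self, ref: Ref, v: Labeled) -> None:
        needed = join(self.pc, v.label)          # NSU check on concrete labels
        if not flows_to(needed, ref.label):
            raise NSUViolation(f"{needed}-labeled write into {ref.label} cell")
        ref.value = v.value

    def branch(self, cond: Labeled, then: Callable[[], Any],
               otherwise: Callable[[], Any]) -> Any:
        saved = self.pc
        self.pc = join(self.pc, cond.label)      # raise pc inside the branch
        try:
            return then() if cond.value else otherwise()
        finally:
            self.pc = saved


def implicit_flow_attempt(secret_bit: int) -> tuple:
    """Constructed program `if secret then low := 1`.

    Returns (final LOW cell contents, whether the monitor stopped the write).
    The LOW cell holds 0 for either secret, which is the noninterference
    property the monitor is meant to provide for the store.
    """
    m = Monitor()
    secret = Labeled(secret_bit, HIGH)
    low = Ref(0, LOW)
    stopped = False
    try:
        m.branch(secret, lambda: m.write(low, Labeled(1, LOW)), lambda: None)
    except NSUViolation:
        stopped = True
    return low.value, stopped


def explicit_flow_attempt() -> bool:
    """Constructed program copying a HIGH value straight into a LOW cell."""
    m = Monitor()
    low = Ref(0, LOW)
    try:
        m.write(low, Labeled(42, HIGH))
    except NSUViolation:
        return False
    return True


if __name__ == "__main__":
    for bit in (0, 1):
        print(f"secret={bit}: (low cell, stopped) = {implicit_flow_attempt(bit)}")
    print("explicit HIGH->LOW write allowed:", explicit_flow_attempt())
```

Both runs of the implicit-flow program leave the LOW cell at 0, so a low observer of the store learns nothing about the secret; the monitor stops the offending write rather than upgrading the cell, which is what NSU means. The cast helper shows the other half of the design: an annotation of ★ never produces a ★-labeled runtime value, so every check the monitor performs is over L and H only.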