Secure Information Flow in a Multi-Threaded Imperative Language

Previously, we developed a type system to ensure secure information flow in a sequential, imperative programming language [VSI96]. Program variables are classified as either high or low security; intuitively, we wish to prevent information from flowing from high variables to low variables. Here, we extend the analysis to deal with a multithreaded language. We show that the previous type system is insufficient to ensure a desirable security property called noninterference. Noninterference basically means that the final values of low variables are independent of the initial values of high variables. By modifying the sequential type system, we are able to guarantee noninterference for concurrent programs. Crucial to this result, however, is the use of purely nondeterministic thread scheduling. Since implementing such scheduling is problematic, we also show how a more restrictive type system can guarantee noninterference, given a more deterministic (and easily implementable) schedulin...
Geoffrey Smith, Dennis M. Volpano
Added 05 Aug 2010
Updated 05 Aug 2010
Type: Conference
Year: 1998
Where: POPL