All your IFCException are belong to us

Cǎtǎlin Hriţcu, Michael Greenberg, Ben Karel, Benjamin C. Pierce, Greg Morrisett

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

51 Scopus citations

Abstract

Existing designs for fine-grained, dynamic information-flow control assume that it is acceptable to terminate the entire system when an incorrect flow is detected, i.e., they give up availability for the sake of confidentiality and integrity. This is an unrealistic limitation for systems such as long-running servers. We identify public labels and delayed exceptions as crucial ingredients for making information-flow errors recoverable in a sound and usable language, and we propose two new error-handling mechanisms that make all errors recoverable. The first mechanism builds directly on these basic ingredients, using not-a-values (NaVs) and data flow to propagate errors. The second mechanism adapts the standard exception model to satisfy the extra constraints arising from information flow control, converting thrown exceptions to delayed ones at certain points. We prove that both mechanisms enjoy the fundamental soundness property of non-interference. Finally, we describe a prototype implementation of a full-scale language with NaVs and report on our experience building robust software components in this setting.
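As an added illustration, not code from the paper or its prototype, the following toy Python model contrasts the fail-stop design the abstract criticises with the first recoverable mechanism it proposes: labeled values on a two-point lattice, an illegal flow to a public channel that either aborts the whole run or yields a labeled NaV, and NaVs that propagate through data flow so a long-running loop keeps serving the other requests. The lattice, the `Labeled`/`NaV` types, the `serve` loop and the rule that a NaV conservatively keeps the label of the value that caused it are all assumptions of this model, not the paper's formal semantics.

```python
from dataclasses import dataclass
from typing import Any, List

LOW, HIGH = "L", "H"                      # assumed two-point lattice, L flows to H


def join(a: str, b: str) -> str:
    return HIGH if HIGH in (a, b) else LOW


def flows_to(src: str, dst: str) -> bool:
    return src == LOW or dst == HIGH


@dataclass(frozen=True)
class NaV:
    reason: str                           # error payload that travels as data


@dataclass(frozen=True)
class Labeled:
    value: Any                            # an ordinary value or a NaV
    label: str


def add(x: Labeled, y: Labeled) -> Labeled:
    # Errors propagate through data flow: any NaV operand yields a NaV result,
    # labeled with the join of both operand labels like any other result.
    lbl = join(x.label, y.label)
    for v in (x.value, y.value):
        if isinstance(v, NaV):
            return Labeled(v, lbl)
    return Labeled(x.value + y.value, lbl)


class IFCError(Exception):
    """Fail-stop design: an illegal flow terminates the entire run."""


def to_public_failstop(x: Labeled) -> Any:
    if not flows_to(x.label, LOW):
        raise IFCError("illegal flow to public channel")
    return x.value


def to_public_nav(x: Labeled) -> Labeled:
    # Recoverable design: the illegal flow becomes a NaV instead of an abort.
    # The NaV conservatively keeps x's label (modelling assumption), so the
    # error is no more visible to a low observer than x itself was.
    if not flows_to(x.label, LOW):
        return Labeled(NaV("illegal flow to public channel"), x.label)
    return x


def serve(requests: List[Labeled], recoverable: bool) -> List[Labeled]:
    # Constructed "server loop": each request is doubled, then published.
    out: List[Labeled] = []
    for req in requests:
        doubled = add(req, req)
        if recoverable:
            out.append(to_public_nav(doubled))
        else:
            out.append(Labeled(to_public_failstop(doubled), LOW))
    return out
```

With a constructed batch of three requests where the second carries secret data, the fail-stop loop dies at the second request while the NaV loop answers all three and returns a HIGH-labeled NaV for the offending one.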

Original language: English
Title of host publication: Proceedings - 2013 IEEE Symposium on Security and Privacy, SP 2013
Pages: 3-17
Number of pages: 15
DOIs
State: Published - 2013
Event: 34th IEEE Symposium on Security and Privacy, SP 2013 - San Francisco, CA, United States
Duration: 19 May 2013 to 22 May 2013

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print): 1081-6011

Conference

Conference: 34th IEEE Symposium on Security and Privacy, SP 2013
Country/Territory: United States
City: San Francisco, CA
Period: 19/05/13 to 22/05/13

Keywords

  • NaVs
  • availability
  • delayed exceptions
  • dynamic information flow control
  • error recovery
  • exception handling
  • fine-grained labeling
  • not-a-values
  • programming-language design
  • public labels
  • reliability
