Most attempts at analysing secure information flow in programs are based on domain-specific logic... more Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. We are able to handle phenomena like method calls, loops, and object types for the target language Java Card. We are also able to prove insecurity of programs.
Electronic Notes in Theoretical Computer Science, 1998
This article describes how the use of a higher-order syntax representation of contexts due to A. ... more This article describes how the use of a higher-order syntax representation of contexts due to A. Pitts] combines smoothly with higher-order syntax for evaluation rules, so that de nitions can be extended to work over contexts. This provides "for free" | without the development o f a n y new language-speci c context calculi | evaluation rules for contexts which commute with hole-lling. We h a ve found this to be a useful technique for directly reasoning about operational equivalence. A small illustration is given based on a unique xed-point induction principle for a notion of guarded context in a functional language.
Most attempts at analysing secure information flow in programs are based on domain-specific logic... more Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. We are able to handle phenomena like method calls, loops, and object types for the target language Java Card. We are also able to prove insecurity of programs.
Electronic Notes in Theoretical Computer Science, 1998
This article describes how the use of a higher-order syntax representation of contexts due to A. ... more This article describes how the use of a higher-order syntax representation of contexts due to A. Pitts] combines smoothly with higher-order syntax for evaluation rules, so that de nitions can be extended to work over contexts. This provides "for free" | without the development o f a n y new language-speci c context calculi | evaluation rules for contexts which commute with hole-lling. We h a ve found this to be a useful technique for directly reasoning about operational equivalence. A small illustration is given based on a unique xed-point induction principle for a notion of guarded context in a functional language.
Uploads
Papers by Dave Sands