Information Flow Tracking for Side-Effectful Libraries

  • Alexander SjöstenEmail author
  • Daniel Hedin
  • Andrei Sabelfeld
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10854)


Dynamic information flow control is a promising technique for ensuring confidentiality and integrity of applications that manipulate sensitive information. While much progress has been made on increasingly powerful programming languages ranging from low-level machine languages to high-level languages for distributed systems, surprisingly little attention has been devoted to libraries and APIs. The state of the art is largely an all-or-nothing choice: either a shallow or deep library modeling approach. Seeking to break out of this restrictive choice, we formalize a general mechanism that tracks information flow for a language that includes higher-order functions, structured data types and references. A key feature of our approach is the model heap, a part of the memory, where security information is kept to enable the interaction between the labeled program and the unlabeled library. We provide a proof-of-concept implementation and report on experiments with a file system library. The system has been proved correct using Coq.



This work was partly funded by the Swedish Foundation for Strategic Research (SSF) and the Swedish Research Council (VR).


  1. 1.
    Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: PLAS (2009)Google Scholar
  2. 2.
    Bauer, L., Cai, S., Jia, L., Passaro, T., Stroucken, M., Tian, Y.: Run-time monitoring and formal analysis of information flows in chromium. In: NDSS. The Internet Society (2015)Google Scholar
  3. 3.
    Bichhawat, A., Rajani, V., Garg, D., Hammer, C.: Information flow control in WebKit’s JavaScript bytecode. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 159–178. Springer, Heidelberg (2014). Scholar
  4. 4.
    Bielova, N., Rezk, T.: A taxonomy of information flow monitors. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 46–67. Springer, Heidelberg (2016). Scholar
  5. 5.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Devriese, D., Piessens, F.: Noninterference through secure multi-execution. In: S&P (2010)Google Scholar
  7. 7.
    Dimoulas, C., Findler, R.B., Flanagan, C., Felleisen, M.: Correct blame for contracts: no more scapegoating. In: POPL (2011)Google Scholar
  8. 8.
    Dimoulas, C., New, M.S., Findler, R.B., Felleisen, M.: Oh Lord, please don’t let contracts be misunderstood (functional pearl). In: ICFP (2016)Google Scholar
  9. 9.
    Findler, R.B., Felleisen, M.: Contracts for higher-order functions. In: ICFP (2002)Google Scholar
  10. 10.
    File System–Node.js v9.2.0 Documentation. Accessed Nov 2017
  11. 11.
    Greenberg, M., Pierce, B.C., Weirich, S.: Contracts made manifest. In: POPL (2010)Google Scholar
  12. 12.
    Groef, W.D., Devriese, D., Nikiforakis, N., Piessens, F.: FlowFox: a web browser with flexible and precise information flow control. In: CCS (2012)Google Scholar
  13. 13.
    Groef, W.D., Devriese, D., Nikiforakis, N., Piessens, F.: Secure multi-execution of web scripts: theory and practice. J. Comput. Secur. 22, 469–509 (2014)CrossRefGoogle Scholar
  14. 14.
    Hedin, D., Bello, L., Sabelfeld, A.: Information-flow security for JavaScript and its APIs. J. Comput. Secur. 24, 181–234 (2015)CrossRefGoogle Scholar
  15. 15.
    Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: JSFlow: tracking information flow in JavaScript and its APIs. In: SAC (2014)Google Scholar
  16. 16.
    Hedin, D., Sabelfeld, A.: Information-flow security for a core of JavaScript. In: CSF (2012)Google Scholar
  17. 17.
    Hedin, D., Sjösten, A., Piessens, F., Sabelfeld, A.: A principled approach to tracking information flow in the presence of libraries. In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 49–70. Springer, Heidelberg (2017). Scholar
  18. 18.
    Heule, S., Stefan, D., Yang, E.Z., Mitchell, J.C., Russo, A.: IFC inside: retrofitting languages with dynamic information flow control. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 11–31. Springer, Heidelberg (2015). Scholar
  19. 19.
    INRIA: The Coq Proof Assistant. Accessed Nov 2017
  20. 20.
    Kashyap, V., Wiedermann, B., Hardekopf, B.: Timing- and termination-sensitive secure information flow: exploring a new approach. In: S&P (2011)Google Scholar
  21. 21.
    King, D., Jaeger, T., Jha, S., Seshia, S.A.: Effective blame for information-flow violations. In: FSE (2008)Google Scholar
  22. 22.
  23. 23.
  24. 24.
    Rafnsson, W., Sabelfeld, A.: Secure multi-execution: fine-grained, declassification-aware, and transparent. In: CSF (2013)Google Scholar
  25. 25.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5–19 (2003)CrossRefGoogle Scholar
  26. 26.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. Program Flow Analysis: Theory and Applications (1981)Google Scholar
  27. 27.
    Sjösten, A., Hedin, D., Sabelfeld, A.: Information Flow Tracking for Side-effectful Libraries - Full version.
  28. 28.
    Zdancewic, S.A.: Programming languages for information security. Ph.D. thesis, Cornell University (2002)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Alexander Sjösten
    • 1
    Email author
  • Daniel Hedin
    • 1
    • 2
  • Andrei Sabelfeld
    • 1
  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.Mälardalen UniversityVästeråsSweden

Personalised recommendations