Correctness Criteria for Function-Based Reclassifiers: A Language Based Approach

Abstract

An emerging problem in systems security is controlling how a program uses the data it has access to. Information Flow Control (ifc) propagates restrictions on data by following the flow of information, for example if a secret value flows to a public value, that value should be considered secret as well. A common problem in ifc is reclassification of data, for instance to explicitly make data less restricted. An ifc mechanism often has strict flow rules in its normal operation, but reclassification by definition need to bypass these restrictions.

This thesis proposes correctness criteria that aim to provide stronger semantic guarantees for the behavior of reclassification functions. We first conduct a survey on prior work in IFC, which concludes that little emphasis has been put on crystallizing such criteria. We then define a set of criteria for reclassification and implement a parser to enforce these criteria. If a piece of code is successfully analyzed by the parser, then that code can be safely used to reclassify data. Rust is emerging as one of the more prominent languages for systems programming due to its memory safety, and we conjecture this can be analogously continued to target ifc as well.