Information Flow Analysis for Assembly Languages
We study type systems for guaranteeing secure information flow in assembly languages. Earlier work has shown that type systems for high-level languages can guarantee confidentiality of local data accessed by untrusted software, but no such results have been established for realistic low-level languages. Low-level languages lack control-flow structures that guide static analysis, and they include operations for explicit management of the control stack that make it possible to leak confidential information. Our work addresses these issues and shows that the approach used for secure information flow in high-level languages can be adapted to low-level languages as well.
The key property we study is non-interference, that no public output of a program is affected by secret data it may have accessed. Non-interference can be shown sound for natural type systems of low-level programs, yielding efficient, static procedures that can be used by clients to verify non-interference of untrusted code.
Publications
Ricardo Medel, Adriana Compagnoni and Eduardo Bonelli. A Typed Assembly Language for Non-Interference. ICTCS 2005 Ninth Italian Conference on Theoretical Computer Science Certosa di Pontignano (Siena), Italy, 12-14 October 2005. LNCS 3701, pp 360-374. Supersedes our paper in the informal proceedings of FCS'05.
Ricardo Medel, Adriana Compagnoni and Eduardo Bonelli. Non-Interference for a Typed Assembly Language. LICS'05 Affiliated Workshop on Foundations of Computer Security (FCS'05) Chicago, IL, June 30 - July 1, 2005.
Eduardo Bonelli, Adriana Compagnoni, and Ricardo Medel. Information-Flow Analysis for a Typed Assembly Language with Polymorphic Stacks. CASSIS 2005: Constructiona and Analysis of Safe, Secure and Interoperable Smart Devices. Nice, France. March 8-11 2005. Gilles Barthe, Benjamin Gregoire, Marieke Huisman, Jean-Louis Lanet (Eds.): Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, Second International Workshop, CASSIS 2005, Nice, France, March 8-11, 2005, Revised Selected Papers. Lecture Notes in Computer Science 3956 Springer 2006, ISBN 3-540-33689-3.
