Faculty Lecture Series: Secure Information Flow Analysis and Encryption

Speaker: Dr. Geoffrey Smith
School of Computing and Information Sciences
Florida International University

When: Friday, Oct 6, 2006
Time: 2:00pm - 3:00pm
Where: ECS 243

Abstract:
The secure information flow problem is concerned with developing
techniques to prevent untrusted programs from leaking the sensitive
information that they manipulate. For instance, if we classify a
program's variables as H (high, private) or L (low, public), then we would
wish to prevent information in H variables from being leaked into L
variables. The absence of such leaks can be formalized as a
noninterference property, which asserts that the final values of L
variables are independent of the initial values of H variables. In recent
years, there has been much research into the use of static analyses, in
the form of type systems, that can guarantee that a program satisfies
noninterference.

In this talk, I will first introduce the basic principles of a type system
for secure information flow analysis. Then I will present some current
work (joint with Rafael Alpizar) on extending the type system to address
shared-key encryption and decryption operations. Our intuition is that
encrypting an H plaintext yields an L ciphertext, while decrypting an L
ciphertext yields an H plaintext. The challenge is to prove that adding
such rules to the type system is sound, in the sense that well-typed
programs (under the new type system) still satisfy a noninterference
property. Of course, such a soundness result cannot hold unless the
encryption scheme is cryptographically strong, nor can it hold for
programs with unrestricted running time, since such programs could do
brute-force search for the key. But if we assume that the encryption
scheme satisfies a strong cryptographic property called IND-CCA security,
then we are able to prove that well-typed, polynomial-time programs cannot
leak H secrets with non-negligible probability. I will try to make the
main ideas of the proof understandable to a general audience.
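
The H/L classification and the encryption intuition described in the abstract, as an added example that is not part of the original announcement or the speaker's work: a toy checker whose tuple-based AST, implicit shared key, and function names (expr_level, check) are assumptions made for illustration. It flags explicit and implicit flows from H to L and treats enc as yielding L and dec as yielding H; it checks typing only and proves nothing about noninterference.

```python
# Added illustration: a toy H/L flow checker. The tuple-based AST and the rule
# set are assumptions for this example, not the type system from the talk.
L, H = 0, 1  # two-point lattice: L (public) sits below H (private)

def expr_level(e, env):
    """Return the security level (L or H) of expression e."""
    kind = e[0]
    if kind == "const":
        return L
    if kind == "var":
        return env[e[1]]
    if kind == "op":    # ("op", e1, e2): result is as secret as its operands
        return max(expr_level(e[1], env), expr_level(e[2], env))
    if kind == "enc":   # ("enc", e1): ciphertext is L even for an H plaintext
        expr_level(e[1], env)
        return L
    if kind == "dec":   # ("dec", e1): plaintext is H even for an L ciphertext
        expr_level(e[1], env)
        return H
    raise ValueError(f"unknown expression kind: {kind!r}")

def check(cmd, env, pc=L):
    """Return the variables that receive an illegal H-to-L flow in cmd.

    pc is the level of the guards enclosing cmd, which tracks implicit flows.
    """
    kind = cmd[0]
    if kind == "assign":   # ("assign", x, e)
        _, x, e = cmd
        return [x] if max(pc, expr_level(e, env)) > env[x] else []
    if kind == "seq":      # ("seq", c1, c2, ...)
        return [v for c in cmd[1:] for v in check(c, env, pc)]
    if kind == "if":       # ("if", guard, then_cmd, else_cmd)
        inner = max(pc, expr_level(cmd[1], env))
        return check(cmd[2], env, inner) + check(cmd[3], env, inner)
    raise ValueError(f"unknown command kind: {kind!r}")

# Constructed sample programs over h (H), l and c (both L).
ENV = {"h": H, "l": L, "c": L}
EXPLICIT = ("assign", "l", ("var", "h"))                       # l := h
IMPLICIT = ("if", ("var", "h"), ("assign", "l", ("const", 1)),
            ("assign", "l", ("const", 0)))                     # if h then l:=1 else l:=0
SEND = ("assign", "c", ("enc", ("var", "h")))                  # c := enc(h)
RECV_OK = ("assign", "h", ("dec", ("var", "c")))               # h := dec(c)
RECV_BAD = ("assign", "l", ("dec", ("var", "c")))              # l := dec(c)

if __name__ == "__main__":
    for name in ("EXPLICIT", "IMPLICIT", "SEND", "RECV_OK", "RECV_BAD"):
        print(name, check(globals()[name], ENV) or "well-typed")
```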