Macquarie University

Adaptation of information flow concepts in a capability-based functional language

thesis
posted on 2022-08-16, 03:01 authored by Cameron John Pappas

The average cost of a data breach in 2019 was estimated at $3.92 million USD. Some of these breaches were caused through the exploitation of software vulnerabilities. Analysis indicates information leaks are the third most common of these vulnerabilities. Information leaks are caused when data flows violate a security policy. Leaks can be identified by information flow analysis, which tracks how data flows through a program to protect sensitive data. Static, dynamic and hybrid approaches exist, tagging data or locations with security levels. Typically these approaches are external to the core language, provided through libraries and tools. In this thesis we explore core language mechanisms as a means to enforce a security policy that prevents the declassification of data, language-wide. Leveraging the type system, we encode security levels and simultaneously enforce the policy. We introduce an existing security-focused, functional language, Cooma, which uses capabilities to represent permissions and side-effects. By default, Cooma programs have no capabilities so users must explicitly provide them at run-time. Embedding information flow analysis in Cooma’s type system, we present CoomaIF. We prove well-typed CoomaIF programs don’t violate our security policy and demonstrate the security guarantees CoomaIF provides.

Table of Contents

1 Introduction -- 2 Background -- 3 An introduction to Cooma -- 4 Information flow concepts in Cooma -- 5 Evaluation -- 6 Conclusion -- References

Notes

A thesis submitted to Macquarie University in partial fulfilment of the degree of Master of Research

Awarding Institution

Macquarie University

Degree Type

Thesis MRes

Degree

Thesis (MRes), Macquarie University, Faculty of Science and Engineering, 2020

Department, Centre or School

Department of Computing

Year of Award

2020

Principal Supervisor

Anthony Sloane

Additional Supervisor 1

Annabelle McIver

Rights

Copyright: Cameron John Pappas

Copyright disclaimer: https://www.mq.edu.au/copyright-disclaimer

Language

English

Extent

61 pages
