Modular Information Flow Through Ownership (PLDI 2022 - PLDI Research Papers) - PLDI 2022

Mon 13 - Fri 17 June 2022 San Diego, California, United States

Who

Will Crichton, Marco Patrignani, Maneesh Agrawala, Pat Hanrahan

Track

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Wed 15 Jun 2022 11:40 - 12:00 at Kon-Tiki - Security Chair(s): Yu Feng
Wed 15 Jun 2022 23:40 - 00:00 at Kon-Tiki - Security

Abstract

Statically analyzing information flow, or how data influences other data within a program, is a challenging task in imperative languages. Analyzing pointers and mutations requires access to a program’s complete source. However, programs often use pre-compiled dependencies where only type signatures are available. We demonstrate that ownership types can be used to soundly and precisely analyze information flow through function calls given only their type signature. From this insight, we built Flowistry a system for analyzing information flow in Rust, an ownership-based language. We prove the system’s soundness as a form of noninterference using the Oxide formal model of Rust. Then we empirically evaluate the precision of Flowistry, showing that modular flows are identical to whole-program flows in 94% of cases drawn from large Rust codebases. We illustrate the applicability of Flowistry by implementing both a program slicer and an IFC checker on top of it.

Link to Preprint

https://arxiv.org/abs/2111.13662

DOI

https://doi.org/10.1145/3519939.3523445

Will Crichton

Stanford University

Marco Patrignani

University of Trento

Italy

Maneesh Agrawala

Stanford University

Pat Hanrahan

Stanford University, USA

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Wed 15 Jun
Displayed time zone: Pacific Time (US & Canada) change

	10:40 - 12:00	SecurityPLDI at Kon-Tiki +12h Chair(s): Yu Feng University of California, Santa Barbara

	10:40 20m Talk		P4BID: Information Flow Control in P4 PLDI Karuna Grewal , Loris D'Antoni University of Wisconsin-Madison, USA, Justin Hsu Cornell University DOI
	11:00 20m Talk		ANOSY: Approximated Knowledge Synthesis with Refinement Types for Declassification PLDI Sankha Narayan Guria University of Maryland, College Park, Niki Vazou IMDEA Software Institute, Marco Guarnieri IMDEA Software Institute, James Parker Galois, Inc. DOI Pre-print
	11:20 20m Talk		Hardening Attack Surfaces with Formally Proven Binary Format Parsers PLDI Nikhil Swamy Microsoft Research, Tahina Ramananandro Microsoft Research, Aseem Rastogi Microsoft Research, Irina Spiridonova Microsoft Research, Haobin Ni Cornell University, Dmitry Malloy Microsoft, Juan Vazquez Microsoft, Michael Tang Microsoft, Omar Cardona Microsoft, Arti Gupta Microsoft DOI
	11:40 20m Talk		Modular Information Flow Through Ownership PLDI Will Crichton Stanford University, Marco Patrignani University of Trento, Maneesh Agrawala Stanford University, Pat Hanrahan Stanford University, USA DOI Pre-print

	22:40 - 00:00	SecurityPLDI at Kon-Tiki

	22:40 20m Talk		P4BID: Information Flow Control in P4 PLDI Karuna Grewal , Loris D'Antoni University of Wisconsin-Madison, USA, Justin Hsu Cornell University DOI
	23:00 20m Talk		ANOSY: Approximated Knowledge Synthesis with Refinement Types for Declassification PLDI Sankha Narayan Guria University of Maryland, College Park, Niki Vazou IMDEA Software Institute, Marco Guarnieri IMDEA Software Institute, James Parker Galois, Inc. DOI Pre-print
	23:20 20m Talk		Hardening Attack Surfaces with Formally Proven Binary Format Parsers PLDI Nikhil Swamy Microsoft Research, Tahina Ramananandro Microsoft Research, Aseem Rastogi Microsoft Research, Irina Spiridonova Microsoft Research, Haobin Ni Cornell University, Dmitry Malloy Microsoft, Juan Vazquez Microsoft, Michael Tang Microsoft, Omar Cardona Microsoft, Arti Gupta Microsoft DOI
	23:40 20m Talk		Modular Information Flow Through Ownership PLDI Will Crichton Stanford University, Marco Patrignani University of Trento, Maneesh Agrawala Stanford University, Pat Hanrahan Stanford University, USA DOI Pre-print