Niklas Broberg

Flow locks: towards a core calculus for dynamic flow policies

Security is rarely a static notion. What is considered to be confidential or untrusted data varies over time according to changing events and states. The static verification of secure information flow has been a popular theme in recent programming language research, but information flow policies considered are based on multilevel security which presents a static view of security levels. In this paper we introduce a very simple mechanism for specifying dynamic information flow policies, flow locks, which specify conditions under which data may be read by a certain actor. The interface between the policy and the code is via instructions which open and close flow locks. We present a type and effect system for an ML-like language with references which permits the completely static verification of flow lock policies, and prove that the system satisfies a semantic security property generalising noninterference. We show that this simple mechanism can represent a number of recently proposed information flow paradigms for declassification.

Paragon for Practical Programming with Information-Flow Control

Conventional security policies for software applications are adequate for managing concerns on the level of access control. But standard abstraction mechanisms of mainstream programming languages are not sufficient to express how information is allowed to flow between resources once access to them has been obtained. In practice we believe that such control - information flow control - is needed to manage the end-to-end security properties of applications. In this paper we present Paragon, a Java-based language with first-class support for static checking of information flow control policies. Paragon policies are specified in a logic-based policy language. By virtue of their explicitly stateful nature, these policies appear to be more expressive and flexible than those used in previous languages with information-flow support. Our contribution is to present the design and implementation of Paragon, which smoothly integrates the policy language with Javas object-oriented setting, and reaps the benefits of the marriage with a fully fledged programming language.

Regular expression patterns

We extend Haskell with regular expression patterns. Regular expression patterns provide means for matching and extracting data which goes well beyond ordinary pattern matching as found in Haskell. It has proven useful for string manipulation and for processing structured data such as XML. Regular expression patterns can be used with arbitrary lists, and work seamlessly together with ordinary pattern matching in Haskell. Our extension is lightweight, it is little more than syntactic sugar. We present a semantics and a type system, and show how to implement it as a preprocessor to Haskell.

Flow-sensitive semantics for dynamic information flow policies

Dynamic information flow policies, such as declassification, are essential for practically useful information flow control systems. However, most systems proposed to date that handle dynamic information flow policies suffer from a common drawback. They build on semantic models of security which are inherently flow insensitive, which means that many simple intuitively secure programs will be considered insecure. In this paper we address this problem in the context of a particular system, flow locks. We provide a new flow sensitive semantics for flow locks based on a knowledge-style definition (following Askarov and Sabelfeld), in which the knowledge gained by an actor observing a program run is constrained according to the flow locks which are open at the time each observation is made. We demonstrate the applicability of the definition in a soundness proof for a simple flow lock type system. We also show how other systems can be encoded using flow locks, as an easy means to provide these systems with flow sensitive semantics.

Paragon - Practical programming with information flow control

Conventional security policies for software applications are adequate for managing concerns on the level of access control. But standard abstraction mechanisms of mainstream programming languages are not sufficient to express how information is allowed to flow between resources once access to them has been obtained. In practice we believe that such control - information flow control - is needed to manage the end-to-end security properties of applications. In this paper we present Paragon, a Java-based language with first-class support for static checking of information flow control policies. Paragon policies are specified in a logic-based policy language. By virtue of their explicitly stateful nature, these policies appear to be more expressive and flexible than those used in previous languages with information-flow support. Our contribution is to present the design and implementation of Paragon, which smoothly integrates the policy language with Javas object-oriented setting, and reaps the benefits of the marriage with a fully fledged programming language.

The Anatomy and Facets of Dynamic Policies

Information flow policies are often dynamic, the security concerns of a program will typically change during execution to reflect security-relevant events. A key challenge is how to best specify, and give proper meaning to, such dynamic policies. A large number of approaches exist that tackle that challenge, each yielding some important, but unconnected, insight. In this work we synthesise existing knowledge on dynamic policies, with an aim to establish a common terminology, best practices, and frameworks for reasoning about them. We introduce the concept of facets to illuminate subtleties in the semantics of policies, and closely examine the anatomy of policies and the expressiveness of policy specification mechanisms. We further explore the relation between dynamic policies and the concept of declassification.

Some examples related to the abc -conjecture for algebraic number fields

We present a numerical method for finding extreme examples of identities related to the uniform abc-conjecture for algebraic number fields.

A Datalog Semantics for Paralocks

Broberg and Sands (POPL’10) introduced a logic-based policy language, Paralocks, suitable for static information-flow control in programs. Although Paralocks comes with a precise information-flow semantics for programs, the logic-based semantics of policies, describing how policies are combined and compared, is less well developed. This makes the algorithms for policy comparison and computation ad-hoc, and their security guarantees less intuitive. In this paper we provide a new semantics for Paralocks policies based on Datalog. By doing so we are able to show that the ad-hoc semantics from earlier work coincides with the natural Datalog interpretation. Furthermore we show that by having a Datalog-inspired semantics, we can borrow language extensions and algorithms from Datalog for the benefit of Paralocks. We explore how these extensions and algorithms interact with the design and implementation of Paragon, a language combining Paralocks with Java.

Haskell server pages through dynamic loading

Haskell Server Pages (HSP) is a domain specific language, based on Haskell, for writing dynamic web pages. Its main features are concrete XML expressions as first class values, pattern-matching on XML, and a runtime system for evaluating dynamic web pages.The first design of HSP was made by Erik Meijer and Danny van Velzen in 2000, but it was never fully designed nor implemented. In this paper we refine, extend and improve their design of the language and describe how to implement HSP using dynamic loading of pages.

Rational Points On Cubic Surfaces

Let kbe an algebraic number field andF(x0x1x2x3) a non-singular cubic form with coefficients ink.Suppose that the projective cubic k-surface \(X \subset \mathbb{P}_{k}^{3}\) given by F =0 contains three coplanar lines defined over k, and letU(k)be the set of those k-rational points onXwhich do not lie on any line onX.We show that the number of points inU(k)with height at mostB is O F, e(B 4/3+e for any e >0.