Section: New Results
Security
Participants : Gérard Boudol, Ilaria Castellani, Zhengqin Luo, Tamara Rezk.
Secure information flow in ULM
We have pursued and extended our study of secure information flow as a safety property (paper by Boudol at FAST'08). We have applied this approach [20] to a significative fragment of the ULM language, namely the functional, imperative and concurrent fragment. This language follows the reactive style developed by Boussinot, where cooperative threads communicate and synchronize by means of broadcast events. Since these events determine for a part the flow of control of an ULM program, they convey some knowledge of the security level the program has at the point where events are emitted or received. Then this knowledge has to be controlled in order to ensure that the flow of information along the execution of a program is secure. This is done by means of a run-time monitoring mechanism. Moreover, a static analysis (type and effect system) of programs is designed, and proved to guarantee that the monitoring always succeeds. In other words, typable programs are secure, in the sense that their monitored execution does not encounter any security violation. The monitoring mechanism has been implemented, and some experimentations with scenarios provided by France Télécom R&D are planned.
A Security-Preserving Compiler for Distributed Programs
In language-based security, confidentiality and integrity policies conveniently specify the permitted flows of information between different parts of a program with diverse levels of trust. These policies enable a simple treatment of security, and they can often be verified by typing. However, their enforcement in concrete systems involves delicate compilation issues.
We consider cryptographic enforcement mechanisms for distributed programs with untrusted components. In source programs, security depends on an abstract information-flow policy for accessing the shared memory. In their implementations, shared memory is unprotected and security depends instead on encryption and signing.
In [3] we develop a cryptographic type system for a target probabilistic language. Our typing rules enforce the correct usage of cryptographic primitives against active adversaries; from an information-flow viewpoint, they capture controlled forms of robust declassification and endorsement.
In [13] , we develop a uniform language-based model of security, ranging from computational non-interference for probabilistic programs down to standard cryptographic hypotheses. The theory has been implemented in a prototype called “CFlow”. It has been coded in F#. The code is under the terms of the CeCILL-B license.
Proof Carrying Code
Proof Carrying Code provides trust in mobile code by requiring certificates that ensure the code adherence to specific conditions. The prominent approach to generate certificates for compiled code is Certifying Compilation, that automatically generates certificates for simple safety properties.
In [10] we propose a security certifying compilation for multithreaded programs with secure information flow.
In [8] we present Certificate Translation, a novel extension for standard compilers that automatically transforms formal proofs for more expressive and complex properties of the source program to certificates for the compiled code. We outline the principles of certificate translation, instantiated for a non optimizing compiler and for standard compiler optimizations in the context of an intermediate RTL Language.
Secure session calculi
This work has been mainly carried out within the MATYSS project, whose goal was to study type systems for safe and secure sessions. A session is an abstraction for various forms of “structured communication” which may occur in a parallel and distributed computing environment. Examples of sessions are a client-service negotiation, a financial transaction, or a multiparty interaction among different services within a web application. Language-based support for sessions has now become the subject of active research. Primitives for enabling programmers to code sessions in a flexible way, as well as type systems (session types) ensuring the compliance of programs to session specifications, have been studied for various calculi and languages in the last decade. The key properties ensured by session types are communication safety, namely the consistency of the communication patterns exhibited by the various partners (implying the absence of communication errors at run time), and progress, assuring the absence of deadlock. On the other hand, security properties such as confidentiality have so far received little attention within the session type community. In collaboration with our MATYSS partners in Torino, we have addressed the question of incorporating access control and secure information flow requirements within session types, in the setting of a name-passing calculus akin to the 
-calculus, with asynchronous communication and multiparty sessions.
In [19] we consider a calculus of multiparty sessions with delegation, enriched with security levels for both participants and data. A suitable type system ensures access control, namely that each participant can only receive data of security levels less than or equal to its own security level. For instance, in a well-typed session involving a Customer, a Seller and a Bank, the secret credit card number of the Customer is communicated to the Bank, but not to the Seller. This is obtained also by making delegation explicit in the typing of the delegated session channel. Moreover, the type system prevents undue flows of information via the selection and branching constructs of the language. This work reveals an interesting interplay between the constraints used in security types and those used in session types to ensure properties like communication safety and progress.
