Boniface Hicks
Pennsylvania State University
USA

Kiyan Ahmadizadeh
Pennsylvania State University
USA

Patrick McDaniel
Pennsylvania State University
USA

Security-typed languages are an evolving tool for implementing systems
with provable security guarantees. However, to date, these tools have
only been used to build simple ``toy'' programs. As described in this
paper, we have developed the first real-world, security-typed
application: a secure email system written in the Java language
variant Jif. Real-world policies are mapped onto the information
flows controlled by the language primitives, and we consider the
process and tractability of broadly enforcing security policy in
commodity applications. We find that while the language provided the
rudimentary tools to achieve low-level security goals, additional
tools, services, and language extensions were necessary to formulate
and enforce application policy. We detail the design and use of these
tools. We also show how the strong guarantees of Jif in conjunction
with our policy tools can be used to evaluate security. This work
serves as a starting point--we have demonstrated that it is possible
to implement real-world systems and policy using security-typed
languages. However, further investigation of the developer tools and
supporting policy infrastructure is necessary before they can fulfill
their considerable promise of enabling more secure systems.

Keywords: security typed languages, systems security

Read Paper (in PDF)