TIFL – a universal language for describing information flows in software
UDC: 004.056
DOI: -
Authors:
TIMAKOV A.A.
1
1 MIREA - Russian Technological University, Moscow, Russia
Keywords: information flow, information flow control, grammar, security label, language semantics, abstract state of computation environment, abstract value
Annotation:
The author of the article details the grammar and rules for using the developed universal language for describing information flows in software, known as TIFL (Trivial Information Flow Language). The language forms the foundation of a prospective mechanism for controlling information flows, enabling the identification of business logics errors in distributed systems, including government information systems, leading to breaches in confidentiality and data integrity. TIFL expressions can be used by application developers for initial code annotation of programs or by system analysts for describing business-services at the design stage of automation information systems. TIFL grammar and semantics simplicity are the main advantages of the language allowing precise and clear definition of data flows which emerge during difficult computation. In company with well-known system access control mechanisms, information flow control at the level of individual applications provides a new level of refining when describing security policy requirements for secure systems execution.
Bibliography:
1. Broberg N., van Delft B., Sands D. Paragon for Practical Programming with Information-Flow Control // Lecture Notes in Computer Science. Vol 8301. Programming Languages and Systems: 11th Asian Symposium APLAS 2013, Melbourne, VIC, Australia, Dec. 9–11, 2013. – Cham: Springer, 2013. – P. 217–232. – DOI: 10.1007/978-3-319-03542-0_16
2. Formal Verification of Information Flow Secure Systems with IFlow: Report / P. Fischer, K. Katkalov, K. Stenzel, W. Reif. – Augsburg: Universitat Augsburg. Institut fur Informatik, 2012. – 54 p. – URL: https://opus.bibliothek.uni-augsburg.de/opus4/frontdoor/index/index/docId/1842
3. Checking Applications using Security APIs with JOANA / J. Graf, M. Hecker, M. Mohr, G. Snelting // 8th International Workshop on Analysis of Security APIs, Verona, Italy, July 13, 2015. – URL: https://pp.ipd.kit.edu/uploads/publikationen/joana15asa.pdf
4. Myers C.A., Liskov B. A Decentralized Model for Information Flow Control // ACM SIGOPS Operating Systems Review. – 1997. – Vol. 31, Issue 5. – P. 129–142. – DOI: 10.1145/269005.266669
5. Timakov A.A. Variant realizatsii protsedury analiza informatsionnykh potokov v programmnykh blokakh PL/SQL s ispol'zovaniem platformy PLIF // Programmirovanie. – 2023. – № 4. – S. 39–57. – DOI: 10.31857/S0132347423040118
6. Timakov A.A. Information Flow Control in Software DB Units Based on Formal Verification // Programming and Computer Software. – 2022. – Vol. 48, Issue 4. – P. 265–285. – DOI: 10.1134/S0361768822040053
7. Kryuchkov A.V. Sostavnye chasti i gruppy tekhnologicheskikh operatsiy protsessa razrabotki spetsial'nogo programmnogo obespecheniya ASUP, neobkhodimye dlya otsenki proizvoditel'nosti truda programmistov pri provedenii importozameshcheniya // Avtomatizatsiya i informatizatsiya TEK. – 2023. – № 4(597). – S. 34–45. – DOI: 10.33285/2782-604X-2023-4(597)-34-45
8. Hedin D., Sabelfeld A. A Perspective on Information-Flow Control // Software Safety and Security. Vol. 33. – IOS Press, 2012. – P. 319–347. – DOI: 10.3233/978-1-61499-028-4-319
Back to issue