Cocoon: Static Information Flow Control in Rust
Proceedings of the ACM on Programming Languages(2023)
摘要
Information flow control (IFC) provides confidentiality by enforcing
noninterference, which ensures that high-secrecy values cannot affect
low-secrecy values. Prior work introduces fine-grained IFC approaches that
modify the programming language and use nonstandard compilation tools, impose
run-time overhead, or report false secrecy leaks – all of which hinder
adoption.
This paper presents Cocoon, a Rust library for static type-based IFC that
uses the unmodified Rust language and compiler. The key insight of Cocoon lies
in leveraging Rust's type system and procedural macros to establish an effect
system that enforces noninterference. A performance evaluation shows that using
Cocoon increases compile time but has no impact on application performance. To
demonstrate Cocoon's utility, we retrofitted two popular Rust programs, the
Spotify TUI client and Mozilla's Servo browser engine, to use Cocoon to enforce
limited confidentiality policies.
更多查看译文
关键词
Rust,information flow control,type and effect systems
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要