Sunday, May 3, 2009

information flow security

This has been bugging me for a while: while I find the research questions surrounding information flow fascinating and important, when did it transform from a program analysis idea into a usable, deployable security one? It seems just like STM: there's been a huge emphasis on it in the community, but shockingly little analysis of wide-scale deployments -- apparently even the browser guys at MS & Mozilla have sunk their teeth into information flow now.

I get it for low-level systems: if you can run an analysis to detect leaks just like you do for buffer overflows, great! However, when I start thinking about something like mashup security, its lossy/conservative nature seems like an awkward fit, in which case we're back at square one. Worse, when I type "information flow usability" into Google, the result is about type inference.

Information flow analysis is a fundamental program analysis question. Building an information flow type system / language / etc. is a principled research approach. While I'm still enthusiastic about adding something like gradual types to a scripting language (for both performance and correctness -- and I view it as a fairly conservative extension), I'm worried about adding qualifiers for information flow: relying on this is much deeper, and I'm not convinced expressiveness and usability have been adequately investigated (though the Jif guys do have some interesting case studies there). Again, if you can check a property using information flow analysis, that's great, but I'm surprised by the emphasis on static/type support for it, and have no clue as to how far it gets us. Are we over-optimizing something tiny or does it hit some sweet spots?
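To make concrete what an information flow "qualifier" on a value actually checks, and why the conservative rule raised in the mashup paragraph above rejects programs that never leak, here is an added example; it is not code from the original post or from Jif. It is a toy label-tracking monitor over a tiny AST language: every value carries a label ('L' public, 'H' secret), the only sink is a `send` that stands in for a request to another origin, and a program-counter label catches implicit flows through branches. The language, the labels, the `send` sink, the `https://ads.example` destination, the `cookie`/`pub` environment and all four sample programs are assumptions constructed for illustration.

```javascript
// Added example, not code from the original post: a toy label-tracking
// monitor for a mashup-like setting. Third-party script code is an AST of
// a tiny language; every value carries a label ('L' public, 'H' secret),
// and the only sink is `send`, standing in for a request to another
// origin. The environment and sample programs are constructed.

const join = (a, b) => (a === 'H' || b === 'H') ? 'H' : 'L';

class LeakError extends Error {}

// Evaluate `node` under `env` (name -> {v, l}). `pc` is the join of the
// labels of the enclosing branch guards; an assignment made under a secret
// guard is itself labelled secret, which is how implicit flows are caught.
function evalNode(node, env, pc) {
  switch (node.t) {
    case 'lit': return { v: node.v, l: 'L' };
    case 'var': return env[node.name];
    case 'bin': {
      const a = evalNode(node.a, env, pc);
      const b = evalNode(node.b, env, pc);
      const ops = { '+': (x, y) => x + y, '==': (x, y) => x === y };
      return { v: ops[node.op](a.v, b.v), l: join(a.l, b.l) };
    }
    case 'assign': {
      const r = evalNode(node.e, env, pc);
      env[node.name] = { v: r.v, l: join(r.l, pc) };
      return env[node.name];
    }
    case 'if': {
      const g = evalNode(node.guard, env, pc);
      return evalNode(g.v ? node.then : node.else, env, join(pc, g.l));
    }
    case 'seq': {
      let last;
      for (const s of node.body) last = evalNode(s, env, pc);
      return last;
    }
    case 'send': {
      const r = evalNode(node.e, env, pc);
      // Sending under a secret guard would leak the guard, so pc counts too.
      if (join(r.l, pc) === 'H') {
        throw new LeakError(`refusing to send secret-labelled value to ${node.to}`);
      }
      return r;
    }
    default:
      throw new Error('unknown node type ' + node.t);
  }
}

// Constructed initial state: a session cookie held by the hosting page
// (secret) and some public page content.
const initialEnv = () => ({
  cookie: { v: 'sessid42', l: 'H' },
  pub: { v: 'hello', l: 'L' },
});

// Run a program; report 'allowed' or 'rejected' plus the final environment.
function run(program) {
  const env = initialEnv();
  try {
    evalNode(program, env, 'L');
    return { verdict: 'allowed', env };
  } catch (e) {
    if (e instanceof LeakError) return { verdict: 'rejected', env };
    throw e;
  }
}

// Small builders for the constructed sample programs.
const v = (name) => ({ t: 'var', name });
const lit = (x) => ({ t: 'lit', v: x });
const send = (e) => ({ t: 'send', to: 'https://ads.example', e });
const ifThenElse = (guard, then, els) => ({ t: 'if', guard, then, else: els });
const assign = (name, e) => ({ t: 'assign', name, e });
const seq = (...body) => ({ t: 'seq', body });

// 1. Explicit flow: ship the cookie to a third party.
const explicitLeak = send(v('cookie'));

// 2. Implicit flow: encode one bit of the cookie into y, then send y.
const implicitLeak = seq(
  ifThenElse({ t: 'bin', op: '==', a: v('cookie'), b: lit('sessid42') },
    assign('y', lit(1)), assign('y', lit(0))),
  send(v('y')));

// 3. Conservative rejection: both branches store the same constant, so y
//    reveals nothing about the cookie, yet the pc rule still labels it H.
const falsePositive = seq(
  ifThenElse({ t: 'bin', op: '==', a: v('cookie'), b: lit('sessid42') },
    assign('y', lit(1)), assign('y', lit(1))),
  send(v('y')));

// 4. Public data only: allowed.
const safeSend = send({ t: 'bin', op: '+', a: v('pub'), b: lit(' world') });

for (const [name, p] of Object.entries({ explicitLeak, implicitLeak, falsePositive, safeSend })) {
  console.log(name, run(p).verdict);
}
```

Program 3 is the point about lossiness: the monitor cannot see that `y` is 1 on both paths, so it labels `y` secret and refuses the send even though no bit of the cookie leaves. A static type system for information flow makes the same over-approximation at compile time, which is why a third-party widget that is in fact harmless can still fail to type-check.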

Maybe I'm the only one. Next week will be interesting..
