FOSAD 2017 - Information Flow Control Libraries

Abstract for the course

Information-Flow Control (IFC) emerges as a promising technology to harden programs against information leakage and corruption. To avoid such problems, IFC restricts programmers from writing code which irresponsibly distribute (modifies) sensitive data. Special purpose IFC-languages have been developed over the years but the impact in practice has been rather limited. Rather than producing new languages from scratch, IFC can be also guaranteed via libraries. As long as developers follow the libraries' APIs, it is guarantee that their code will not reveal sensitive information. We believe that this approach makes IFC technology more likely to be adopted. The course introduces security problems regarding protecting sensitive data, the foundations for IFC, and the principles behind many IFC libraries. The material presented in the course is based on recent research results.

Prerequisites

The only prerequisite for students is to have basic functional programming skills. The rest of the course is self-contained.

Acknowledgments

The development of this course is partly supported the Swedish research agency VR.