Enforcing Information Flow Policies with Type-Targeted Program Synthesis

Author(s): Polikarpova, N; Yang, J; Itzhaky, S; Hance, T; Solar-Lezama, A | Abstract: We present a technique for static enforcement of high-level, declarative information flow policies. Given a program that manipulates sensitive data and a set of declarative policies on the data, our technique automatically inserts policy-enforcing code throughout the program to make it provably secure with respect to the policies. We achieve this through a new approach we call type-targeted program synthesis, which enables the application of traditional synthesis techniques in the context of global policy enforcement. The key insight is that, given an appropriate encoding of policy compliance in a type system, we can use type inference to decompose a global policy enforcement problem into a series of small, local program synthesis problems that can be solved independently. We implement this approach in Lifty, a core DSL for data-centric applications. Our experience using the DSL to implement three case studies shows that (1) Lifty's centralized, declarative policy definitions make it easier to write secure data-centric applications, and (2) the Lifty compiler is able to efficiently synthesize all necessary policy-enforcing code, including the code required to prevent several reported real-world information leaks.