Type-based Declassification for Free
This work addresses the need for practical, sound security tools in programming languages, though it appears incremental as it builds on existing theories and methods.
The authors tackled the problem of verifying information flow security with declassification policies by translating these policies into type interfaces, enabling standard typecheckers to provably ensure policy satisfaction without modifications, with the proof leveraging Reynolds' abstraction theorem.
This work provides a study to demonstrate the potential of using off-the-shelf programming languages and their theories to build sound language-based-security tools. Our study focuses on information flow security encompassing declassification policies that allow us to express flexible security policies needed for practical requirements. We translate security policies, with declassification, into an interface for which an unmodified standard typechecker can be applied to a source program---if the program typechecks, it provably satisfies the policy. Our proof reduces security soundness---with declassification---to the mathematical foundation of data abstraction, Reynolds' abstraction theorem.