Filament: Denning-Style Information Flow Control for Rust
For Rust developers needing fine-grained IFC, Filament provides a practical library-based solution without compiler changes, reducing annotation burden and escape hatches compared to existing approaches.
Filament introduces a Denning-style static information-flow control library for Rust that avoids compiler modifications, achieving fine-grained flow tracking with minimal annotation overhead and negligible compile-time impact, while offering a more permissive programming model than prior work Cocoon.
Existing language-based information-flow control (IFC) tools face a fundamental tension: Denning-style systems that track explicit and implicit flows at the variable level typically require compiler modifications, while more coarse-grained approaches, including recent work Cocoon, avoid compiler changes but impose more restrictive programming models. We present Filament, a Denning-style static IFC library for Rust that requires no compiler modifications. Filament addresses three key challenges in building a practical IFC library for Rust. First, it enables fine-grained explicit-flow checking with minimal annotation overhead by leveraging Rust's type inference. Second, it introduces pc_block!, a lightweight construct for enforcing implicit flows via a compile-time program counter label, without requiring compiler support. Third, it provides fcall! and mcall! macros to support seamless and safe interoperability with standard and third-party libraries. Our evaluation shows that Filament incurs negligible compile-time overhead and requires only modest annotations. Moreover, compared to Cocoon, Filament offers a more permissive programming model, reducing the need for frequent escape hatches that bypass security checks.