TY - JOUR
T1 - Cocoon
T2 - Static Information Flow Control in Rust
AU - Lamba, Ada
AU - Taylor, Max
AU - Beardsley, Vincent
AU - Bambeck, Jacob
AU - Bond, Michael D.
AU - Lin, Zhiqiang
N1 - Publisher Copyright:
© 2024 Owner/Author.
PY - 2024/4/29
Y1 - 2024/4/29
N2 - Information flow control (IFC) provides confidentiality by enforcing noninterference, which ensures that high-secrecy values cannot affect low-secrecy values. Prior work introduces fine-grained IFC approaches that modify the programming language and use non-standard compilation tools, impose run-time overhead, or report false secrecy leaks - all of which hinder adoption. This paper presents Cocoon, a Rust library for static type-based IFC that uses the unmodified Rust language and compiler. The key insight of Cocoon lies in leveraging Rust's type system and procedural macros to establish an effect system that enforces noninterference. A performance evaluation shows that using Cocoon increases compile time but has no impact on application performance. To demonstrate Cocoon's utility, we retrofitted two popular Rust programs, the Spotify TUI client and Mozilla's Servo browser engine, to use Cocoon to enforce limited confidentiality policies.
KW - information flow control
KW - Rust
KW - type and effect systems
UR - https://www.scopus.com/pages/publications/85195798881
U2 - 10.1145/3649817
DO - 10.1145/3649817
M3 - Article
AN - SCOPUS:85195798881
VL - 8
JO - Proceedings of the ACM on Programming Languages
JF - Proceedings of the ACM on Programming Languages
IS - OOPSLA1
M1 - 100
ER -