Rewriting-Based Enforcement of Noninterference in Programs with Observable Intermediate Values

Program rewriting is defined as transforming a given program into one satisfying some intended properties. This technique has recently been suggested as a means for enforcing security policies. In this paper, we propose rewriting mechanisms based on program dependence graphs to enforce noninterference in programs with observable intermediate values. We first formulate progress-insensitive and progress-sensitive noninterference for the programs of a model language. Then, we give rewriting mechanisms that correctively enforce such policies. The notion of corrective enforcement is also introduced. It is indeed a realization of transparent rewriting in which the good behaviors of the program are preserved irrespective of whether the program is secure or not. Unlike purely static mechanisms, our rewriting mechanisms allow tracking those points on dependence graphs that are actually traversed at run-time, thereby achieving transparency. The rewriting-based enforcement of noninterference also obviates the need for changing the run-time system, something that cannot be avoided in dynamic enforcement mechanisms. The proposed rewriters are provably sound and transparent for the class of programs whose loops can be analyzed for termination and any dependency in their dependence graphs definitely reflects the existence of a flow.