SaTC: CORE: Medium: Practical Fine-Grained Information Flow Control with Rust
Ohio State University, The, Columbus OH
Investigators
Abstract
The proposed research aims to address critical challenges in fine-grained information flow control (IFC) within software systems. Traditional access control methods have been inadequate in preventing improper data flow, especially as systems become increasingly complex. This project seeks to make fine-grained IFC practical and widely deployable in today’s computing environments. The research promises to significantly improve the way software systems manage confidentiality and integrity, ultimately resulting in a much more secure cyberspace. The resulting IFC systems will be available as open source tools. Users of Rust will have the benefits of sound IFC analysis. The results will be folded into course and curriculum to enhance cybersecurity education. Specifically, the research focuses on the Rust programming language, leveraging its unique features to build a novel IFC system. First, a new static IFC library, tailored to Rust, will be designed to minimize programming model restrictions while effectively controlling side effects -- an elusive goal in mainstream languages. Second, an innovative hybrid static–dynamic IFC model will be introduced, harmonizing the strengths of both static and dynamic checks to achieve optimal performance. This innovative hybrid system will be interoperable with vanilla Linux, providing a seamless translation of OS-level permissions and policies. Finally, the project leverages advanced program analysis and synthesis techniques to automate the annotation process, thereby easing the developer burden and fostering a more secure coding environment. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →