Due Monday April 30, 9am. No late assignments will be accepted.
Submit your solution using CMS. Prepare your solution as .doc, .docx, or .pdf, as follows:
An informal description of non-interference for confidentiality is
"Changes in secret inputs do not cause changes to public outputs."
Do the following systems satisfy this policy? Argue why or why not. Your interpretation of this informal condition may affect your answer, so the clarity and precision of your rationale is important.
All systems have four channels: SI (secret in), SO (secret out), PI (public in), PO (public out).
a[i] := j; j := a[i]; a := b;Note. The effect of executing the final statement is to cause both a and b to refer to the same array on the heap; that is, the array is aliased by a and b. Thus, if "
a := b; b[j] := i;
" is executed, then both
a[j]
and b[j]
will be equal to
i
.
Suppose variables
c
, d
, e
, and
f
are arrays; m
, n
,
o
, and p
are integers.
In addition, assume that
c
, f
, and p
are declared secret, and
d
, e
, m
, n
, and o
are declared public.
c[m] := n;
o := d[p];
e := f;
Gamma |- e : tau exp Gamma |- v : tau var ------------------------- Gamma |- v := e : tau cmdDescribe extensions to the type system and inference rule(s) that would allow certification of assignment statements that include array elements (on the left- and/or right-hand side) involving a single subscript. So your extensions should handle assignments like:
v[i] := ... w := ... v[i] ...Note, if you introduce an additional new class of phrases (e.g., type "tau index") then be sure to give (1) the coercion properties of that phrase and (2) any additional rules required for reasoning about the new phrase type.