Static information flow control can protect the confidentiality
and integrity of information manipulated by computing
systems. The compiler tracks the correspondence between
information and the policies that restrict its use, enforcing
security properties end-to-end within the system. After
checking information flow within Jif programs, the Jif compiler
translates them to Java programs and uses an ordinary Java
compiler to produce secure executable programs.
Jif extends Java by adding labels that express restrictions
on how information may be used. For example, the following
variable declaration declares not only that the variable
x is an int, but also that the
information in x is governed by a security policy:

    int {Alice→Bob} x;

In this case, the security policy says that the information in
x is controlled by the principal Alice, and that
Alice permits this information to be seen by the principal
Bob. The policy {Alice←Bob} means that the
information is owned by Alice, and that Alice permits it to
be affected by Bob. Based on label annotations like these,
the Jif compiler analyzes information flows within programs
to determine whether they enforce the confidentiality and
integrity of information.
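The following class is an added illustration, not code from the Jif distribution. It assumes that Alice and Bob are externally declared principals (Jif resolves such names as classes in the jif.principals package) and that the class is granted Alice's authority; the statements the compiler would reject are left as comments so the rest of the class still compiles.

```jif
// Added example, not code from the Jif distribution.  Assumes that Alice
// and Bob are externally declared principals (looked up by Jif as classes
// in the jif.principals package) and that the class is granted Alice's
// authority so that it may declassify on her behalf.
public class LabelDemo authority(Alice) {

    // Confidentiality policy: owned by Alice, who lets Bob read it.
    int {Alice→Bob} balance;

    // Integrity policy: owned by Alice, who permits Bob to affect it.
    int {Alice←Bob} deposit;

    // The empty label places no restriction: the value may flow anywhere.
    int {} published;

    // {Alice→Bob} is the begin label: the method may only be called
    // where the program counter is no more secret than that.
    void flows{Alice→Bob}() {
        // Allowed: the same label on both sides.
        int {Alice→Bob} copy = balance;

        // Allowed: {Alice→} has fewer readers, so it is more restrictive
        // and {Alice→Bob} flows into it.
        int {Alice→} onlyAlice = balance;

        // Rejected at compile time: {} would let principals other than
        // Alice and Bob read the value, so {Alice→Bob} does not flow to it.
        // published = balance;

        // Implicit flow: the branch condition depends on balance, so the
        // pc inside the branch is {Alice→Bob}; this assignment is rejected
        // as well even though no secret value is copied directly.
        if (balance > 0) {
            // published = 1;
        }
    }

    // Downgrading is explicit.  declassify relaxes Alice's policy and is
    // accepted only because the method runs with Alice's authority.
    int{} release{Alice→Bob}() where authority(Alice) {
        return declassify(balance, {});
    }
}
```

The Jif compiler accepts the ASCII forms `->` and `<-` in place of the arrows used above.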
Other systems that provide related functionality are the
Flow Caml and SPARK/Ada languages. Jif provides richer support for tying
security requirements to programs, with important features like
selective, robust downgrading, language-based access control,
and dynamic labels and principals. These features are crucial for
language-based reasoning about security in complex applications.
Related group publications
- End-to-End Enforcement of Erasure and Declassification. Proceedings of the IEEE Computer Security Foundations Symposium, pages 98–111, June 2008. Stephen Chong, Andrew C. Myers.
- Hyperproperties. Proceedings of the IEEE Computer Security Foundations Symposium, pages 51–65, June 2008. Michael R. Clarkson, Fred B. Schneider.
- Securing Nonintrusive Web Encryption through Information Flow. Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Security, pages 125–134, June 2008. Lantian Zheng, Andrew C. Myers.
- Civitas: A Secure Voting System. Proceedings of the 2008 IEEE Symposium on Security and Privacy, pages 354–368, Oakland, CA, May 2008. Michael R. Clarkson, Stephen Chong, Andrew C. Myers. [Civitas web site]
- Secure Web Applications via Automatic Partitioning. Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'07), pages 31–44, October 2007. Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng.
- SIF: Enforcing Confidentiality and Integrity in Web Applications. Proceedings of USENIX Security Symposium 2007, pages 1–16, August 2007. Stephen Chong, K. Vikram, Andrew C. Myers.
- Dynamic Security Labels and Static Information Flow. International Journal of Information Security, 6(2–3), March 2007. Springer. Lantian Zheng, Andrew C. Myers.
- Quantifying Information Flow with Beliefs. Journal of Computer Security, to appear. Michael Clarkson, Andrew C. Myers, Fred B. Schneider.
- Enforcing Robust Declassification and Qualified Robustness. Journal of Computer Security, 14(2):157–196, 2006. Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic.
- Information-Flow Security for Interactive Programs. Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06), July 2006. Kevin R. O'Neill, Michael R. Clarkson, Stephen Chong.
- Decentralized Robustness. Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06), July 2006. Stephen Chong, Andrew C. Myers.
- End-to-End Availability Policies and Noninterference. Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 272–286, June 2005. Lantian Zheng, Andrew C. Myers.
- Belief in Information Flow. Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 31–45, June 2005. Michael Clarkson, Andrew C. Myers, Fred B. Schneider.
- Language-Based Information Erasure. Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 241–254, June 2005. Stephen Chong, Andrew C. Myers.
- Security Policies for Downgrading. Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), pages 189–209, Washington, DC, USA, October 2004. Stephen Chong, Andrew C. Myers.
- Dynamic Security Labels and Noninterference. Proceedings of the 2nd International Workshop on Formal Aspects in Security and Trust (FAST), Toulouse, France, August 2004. Lantian Zheng, Andrew C. Myers.
- Enforcing Robust Declassification. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW'04), pages 172–186, Pacific Grove, California, June 2004. Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic.
- Owned Policies for Information Security. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW'04), Pacific Grove, California, June 2004. Hubie Chen, Stephen Chong.
- A Model for Delimited Release. Proceedings of the 2003 International Symposium on Software Security, LNCS 3233, Springer-Verlag, pages 174–191, 2004. Andrei Sabelfeld, Andrew C. Myers.
- Observational Determinism for Concurrent Program Security. Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW'03), pages 29–43, Pacific Grove, California, June 2003. Steve Zdancewic, Andrew C. Myers.
- Using Replication and Partitioning to Build Secure Distributed Systems. IEEE Symposium on Security and Privacy, pages 236–250, Oakland, California, May 2003. Lantian Zheng, Stephen Chong, Andrew C. Myers, Steve Zdancewic.
- Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1), January 2003 (special issue on Design and Analysis Techniques for Security Assurance). Andrei Sabelfeld, Andrew C. Myers.
- Secure Program Partitioning. ACM Transactions on Computing Systems (TOCS), 20(3):283–328, August 2002. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers. Earlier version available as Cornell University Computer Science Technical Report TR2001-1846, October 2001.
- Secure Information Flow and Linear Continuations. Higher-Order and Symbolic Computation, 15(2–3):209–234, Sept. 2002. Steve Zdancewic, Andrew C. Myers.
- Untrusted Hosts and Confidentiality: Secure Program Partitioning. ACM SIGOPS Operating Systems Review, Proceedings of the 18th ACM Symposium on Operating Systems Principles, 35(5):1–14. Award Paper. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers.
- Robust Declassification. Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01), pages 15–23, Cape Breton, Nova Scotia, Canada, June 2001. Steve Zdancewic, Andrew C. Myers.
- Secure Information Flow and CPS. Proceedings of the 10th European Symposium on Programming, pages 46–61, Genova, Italy, April 2001. Steve Zdancewic, Andrew C. Myers.
- Protecting Privacy using the Decentralized Label Model. ACM Transactions on Software Engineering and Methodology, 9(4):410–442, October 2000. Andrew C. Myers, Barbara Liskov.
- Confidentiality and Integrity with Untrusted Hosts: Technical Report. Cornell University Technical Report TR2000-1810, August 2000. Steve Zdancewic, Andrew C. Myers.
- Practical Mostly-Static Information Flow Control. Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL), pages 228–241, San Antonio, Texas, January 1999. Andrew C. Myers.
- Complete, Safe Information Flow with Decentralized Labels. Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 186–197, Oakland, California, May 1998. Andrew C. Myers, Barbara Liskov.
- A Decentralized Model for Information Flow Control. Proceedings of the 16th ACM Symposium on Operating Systems Principles (SOSP), pages 129–142, Saint-Malo, France, October 1997. Andrew C. Myers, Barbara Liskov.
Other work based on Jif
- Jifclipse: Development Tools for Security-Typed Languages. 2nd Workshop on Programming Languages and Analysis for Security (PLAS), pages 1–10, June 2007. Boniface Hicks, Dave King, Patrick McDaniel.
- Understanding Practical Application Development in Security-Typed Languages. ACSAC 2006. Boniface Hicks, Kiyan Ahmadizadeh, Patrick McDaniel.
- Trusted Declassification: High-Level Policy for a Security-Typed Language. 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), pages 65–74, June 2006. Boniface Hicks, Dave King, Patrick McDaniel, Michael Hicks.
- Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study. ESORICS 2005, pages 197–221, Sept. 2005. Aslan Askarov, Andrei Sabelfeld.
- Language-Based Enforcement of Privacy Policies. Privacy Enhancing Technologies, 4th International Workshop, pages 302–313, May 2004. Katia Hayati, Martin Abadi.