Summary: Secure Information Flow as a Safety Problem
and Alex Aiken2
EECS Department, University of California, Berkeley
Computer Science Department, Stanford University
Abstract. The termination insensitive secure information flow problem
can be reduced to solving a safety problem via a simple program transfor-
mation. Barthe, D'Argenio, and Rezk coined the term "self-composition"
to describe this reduction. This paper generalizes the self-compositional
approach with a form of information downgrading recently proposed
by Li and Zdancewic. We also identify a problem with applying the
self-compositional approach in practice, and we present a solution to
this problem that makes use of more traditional type-based approaches.
The result is a framework that combines the best of both worlds, i.e.,
better than traditional type-based approaches and better than the self-
A termination insensitive secure information flow problem can be defined as