VST-Flow: Fine-grained low-level reasoning about real-world C code

Abstract

We show how support for information-flow security proofs could be added on top of the Verified Software Toolchain (VST). We discuss several attempts to define information flow security in a VST-compatible way, and present a statement of information flow security in "continuation-passing" style. Moreover, we present Hoare rules augmented with information flow control assertions, and sketch how these rules could be proven sound with respect to the definition given before. We also discuss how this can be implemented in the Coq proof assistant, and how VST's proof automation framework (VST-Floyd) can be adapted to support convenient information flow security proofs.