{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:10:20Z","timestamp":1760058620038,"version":"build-2065373602"},"reference-count":64,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA1","license":[{"start":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T00:00:00Z","timestamp":1744156800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSF","award":["CSR-2106117, SaTC-2348754"],"award-info":[{"award-number":["CSR-2106117, SaTC-2348754"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2025,4,9]]},"abstract":"<jats:p>Fine-grained information flow control (IFC) ensures confidentiality and integrity at the programming language\n \nlevel by ensuring that high-secrecy values do not affect low-secrecy values and that low-integrity values do\n \nnot affect high-integrity values. However, prior support for fine-grained IFC is impractical: It either analyzes\n \nprograms using whole-program static analysis, detecting false IFC violations; or it extends the language and\n \ncompiler, thwarting adoption. Recent work called Cocoon demonstrates how to provide fine-grained IFC for\n \nRust programs without modifying the language or compiler, but it is limited to static secrecy labels, and its case\n \nstudies are limited. This paper introduces an approach called Carapace that employs Cocoon\u2019s core approach\n \nand supports both static and dynamic IFC and supports both secrecy and integrity. We demonstrate Carapace\n \nusing three case studies involving real applications and comprehensive security policies. An evaluation\n \nshows that applications can be retrofitted to use Carapace with relatively few changes, while incurring\n \nnegligible run-time overhead in most cases. Carapace advances the state of the art by being the first hybrid\n \nstatic\u2013dynamic IFC that works with an off-the-shelf language\u2014Rust\u2014and its unmodified compiler<\/jats:p>","DOI":"10.1145\/3720427","type":"journal-article","created":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T13:48:26Z","timestamp":1744206506000},"page":"364-392","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Carapace: Static\u2013Dynamic Information Flow Control in Rust"],"prefix":"10.1145","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2373-7171","authenticated-orcid":false,"given":"Vincent","family":"Beardsley","sequence":"first","affiliation":[{"name":"Ohio State University, Columbus, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3071-074X","authenticated-orcid":false,"given":"Chris","family":"Xiong","sequence":"additional","affiliation":[{"name":"Ohio State University, Columbus, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9605-3999","authenticated-orcid":false,"given":"Ada","family":"Lamba","sequence":"additional","affiliation":[{"name":"Ohio State University, Columbus, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8971-4944","authenticated-orcid":false,"given":"Michael D.","family":"Bond","sequence":"additional","affiliation":[{"name":"Ohio State University, Columbus, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,9]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292555"},{"key":"e_1_2_2_2_1","unstructured":"Mufeez Amjad. 2024. Avail. https:\/\/github.com\/mufeez-amjad\/avail"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_22"},{"key":"e_1_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1554339.1554346"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1554339.1554353"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103656.2103677"},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139645.3139660"},{"key":"e_1_2_2_8_1","volume-title":"Dominique Devriese, Frank Piessens, and Exequiel Rivas.","author":"Barthe Gilles","year":"2012","unstructured":"Gilles Barthe, Juan Manuel Crespo, Dominique Devriese, Frank Piessens, and Exequiel Rivas. 2012. Secure Multi-Execution through Static Program Transformation. In Formal Techniques for Distributed Systems, Holger Giese and Grigore Rosu (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 186\u2013202. isbn:978-3-642-30793-5"},{"key":"e_1_2_2_9_1","doi-asserted-by":"crossref","unstructured":"Iulia Bastys Maximilian Algehed Alexander Sj\u00f6sten and Andrei Sabelfeld. 2022. SecWasm: Information Flow Control for WebAssembly. In Static Analysis Gagandeep Singh and Caterina Urban (Eds.). Springer Nature Switzerland Cham. 74\u2013103. isbn:978-3-031-22308-2","DOI":"10.1007\/978-3-031-22308-2_5"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3720427"},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.14915697"},{"volume-title":"Logic for Programming","author":"Bello Luciano","key":"e_1_2_2_12_1","unstructured":"Luciano Bello, Daniel Hedin, and Andrei Sabelfeld. 2015. Value Sensitivity and Observable Abstract Values for Information Flow Control. In Logic for Programming, Artificial Intelligence, and Reasoning, Martin Davis, Ansgar Fehnker, Annabelle McIver, and Andrei Voronkov (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 63\u201378. isbn:978-3-662-48899-7"},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_4"},{"volume-title":"Unifying Facets of Information Integrity","author":"Birgisson Arnar","key":"e_1_2_2_14_1","unstructured":"Arnar Birgisson, Alejandro Russo, and Andrei Sabelfeld. 2010. Unifying Facets of Information Integrity. In Information Systems Security, Somesh Jha and Anish Mathuria (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 48\u201365. isbn:978-3-642-17714-9"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.37"},{"key":"e_1_2_2_16_1","doi-asserted-by":"publisher","unstructured":"Roderick Chapman and Adrian Hilton. 2004. Enforcing Security and Safety Models with an Information Flow Analysis Tool. In Proceedings of the 2004 Annual ACM SIGAda International Conference on Ada: The Engineering of Correct and Reliable Software for Real-Time & Distributed Systems Using Ada and Related Technologies (SIGAda \u201904). Association for Computing Machinery New York NY USA. 39\u201346. isbn:1581139063 https:\/\/doi.org\/10.1145\/1032297.1032305 10.1145\/1032297.1032305","DOI":"10.1145\/1032297.1032305"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3656442"},{"volume-title":"Expressive and Enforceable Information Security Policies. Ph. D. Dissertation","author":"Chong Stephen Nathaniel","key":"e_1_2_2_18_1","unstructured":"Stephen Nathaniel Chong. 2008. Expressive and Enforceable Information Security Policies. Ph. D. Dissertation. Cornell University. http:\/\/people.seas.harvard.edu\/~chong\/pubs\/chong_dissertation.pdf"},{"key":"e_1_2_2_19_1","volume-title":"Chrono: Timezone-aware date and time handling. https:\/\/crates.io\/crates\/chrono","author":"Chrono","year":"2024","unstructured":"Chrono developers. 2024. Chrono: Timezone-aware date and time handling. https:\/\/crates.io\/crates\/chrono"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542483"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1987.10001"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3519939.3523445"},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3694715.3695984"},{"key":"e_1_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.15"},{"key":"e_1_2_2_25_1","volume-title":"S\u00f8ren Eller Thomsen, and Aslan Askarov","author":"Gregersen Simon","year":"2019","unstructured":"Simon Gregersen, S\u00f8ren Eller Thomsen, and Aslan Askarov. 2019. A Dependently Typed Library for Static Information-Flow Control in Idris. In Principles of Security and Trust, Flemming Nielson and David Sands (Eds.). Springer International Publishing, Prague, Czech Republic. 51\u201375. isbn:978-3-030-17138-4"},{"key":"e_1_2_2_26_1","volume-title":"Proceedings IEEE International Symposium on Secure Software Engineering. IEEE","author":"Hammer Christian","year":"2006","unstructured":"Christian Hammer, Jens Krinke, and Gregor Snelting. 2006. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In Proceedings IEEE International Symposium on Secure Software Engineering. IEEE, Arlington, Virginia, USA."},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","unstructured":"Daniel Hedin and Andrei Sabelfeld. 2012. A Perspective on Information-Flow Control. In Software Safety and Security - Tools for Analysis and Verification Tobias Nipkow Orna Grumberg and Benedikt Hauptmann (Eds.) (NATO Science for Peace and Security Series - D: Information and Communication Security Vol. 33). IOS Press Amsterdam. 319\u2013347. https:\/\/doi.org\/10.3233\/978-1-61499-028-4-319 10.3233\/978-1-61499-028-4-319","DOI":"10.3233\/978-1-61499-028-4-319"},{"volume-title":"Principles of Security and Trust","author":"Hedin Daniel","key":"e_1_2_2_28_1","unstructured":"Daniel Hedin, Alexander Sj\u00f6sten, Frank Piessens, and Andrei Sabelfeld. 2017. A Principled Approach to Tracking Information Flow in the Presence of Libraries. In Principles of Security and Trust, Matteo Maffei and Mark Ryan (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 49\u201370. isbn:978-3-662-54455-6"},{"volume-title":"Principles of Security and Trust","author":"Heule Stefan","key":"e_1_2_2_29_1","unstructured":"Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, and Alejandro Russo. 2015. IFC Inside: Retrofitting Languages with Dynamic Information Flow Control. In Principles of Security and Trust, Riccardo Focardi and Andrew Myers (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 11\u201331. isbn:978-3-662-46666-7"},{"volume-title":"Perspectives of Systems Informatics","author":"Jaskelioff Mauro","key":"e_1_2_2_30_1","unstructured":"Mauro Jaskelioff and Alejandro Russo. 2012. Secure Multi-execution in Haskell. In Perspectives of Systems Informatics, Edmund Clarke, Irina Virbitskaite, and Andrei Voronkov (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 170\u2013178. isbn:978-3-642-29709-0"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541228.2555295"},{"key":"e_1_2_2_32_1","volume-title":"Implicit Flows: Can\u2019t Live with \u2019Em, Can\u2019t Live without \u2019Em","author":"King Dave","year":"2008","unstructured":"Dave King, Boniface Hicks, Michael W. Hicks, and Trent Jaeger. 2008. Implicit Flows: Can\u2019t Live with \u2019Em, Can\u2019t Live without \u2019Em. In ICISS. Springer-Verlag, Berlin, Heidelberg."},{"key":"e_1_2_2_33_1","volume-title":"Schneider","author":"Kozyri Elisavet","year":"2016","unstructured":"Elisavet Kozyri, Owen Arden, Andrew C. Myers, and Fred B. Schneider. 2016. JRIF: reactive information flow control for Java. Cornell University Computing and Information Science. https:\/\/ecommons.cornell.edu\/handle\/1813\/41194"},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294293"},{"key":"e_1_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649817"},{"key":"e_1_2_2_36_1","unstructured":"Ada Lamba Max Taylor Vincent Beardsley Jacob Bambeck Michael D. Bond and Zhiqiang Lin. 2024. Implementation of Cocoon cocoon. https:\/\/github.com\/PLaSSticity\/Cocoon-implementation"},{"key":"e_1_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/362375.362389"},{"key":"e_1_2_2_38_1","unstructured":"Linux Foundation. 2023. Servo. https:\/\/servo.org"},{"volume-title":"Security and Privacy \u2013 Silver Linings in the Cloud","author":"Magazinius Jonas","key":"e_1_2_2_39_1","unstructured":"Jonas Magazinius, Alejandro Russo, and Andrei Sabelfeld. 2010. On-the-fly Inlining of Dynamic Security Monitors. In Security and Privacy \u2013 Silver Linings in the Cloud, Kai Rannenberg, Vijay Varadharajan, and Christian Weber (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 173\u2013186. isbn:978-3-642-15257-3"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852738"},{"key":"e_1_2_2_41_1","volume-title":"Information Integrity Policies. In Workshop on Formal Aspects in Security & Trust (FAST).","author":"Yun Mao Peng Li","year":"2003","unstructured":"Peng Li Yun Mao and Steve Zdancewic. 2003. Information Integrity Policies. In Workshop on Formal Aspects in Security & Trust (FAST)."},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/268998.266669"},{"key":"e_1_2_2_44_1","unstructured":"Andrew C. Myers Lantian Zheng Steve Zdancewic Stephen Chong and Nathaniel Nystrom. 2006. Jif 3.0: Java information flow. http:\/\/www.cs.cornell.edu\/jif"},{"key":"e_1_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489252"},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48092-7_6"},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2638548"},{"volume-title":"Making Computers Keep Secrets. Ph. D. Dissertation","author":"Rotenberg Leo J.","key":"e_1_2_2_48_1","unstructured":"Leo J. Rotenberg. 1973. Making Computers Keep Secrets. Ph. D. Dissertation. Massachusetts Institute of Technology. Boston, MA."},{"key":"e_1_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542484"},{"key":"e_1_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2784731.2784756"},{"key":"e_1_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.20"},{"key":"e_1_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04444-1_6"},{"key":"e_1_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"volume-title":"Perspectives of Systems Informatics","author":"Sabelfeld Andrei","key":"e_1_2_2_54_1","unstructured":"Andrei Sabelfeld and Alejandro Russo. 2010. From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research. In Perspectives of Systems Informatics, Amir Pnueli, Irina Virbitskaite, and Andrei Voronkov (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 352\u2013365. isbn:978-3-642-11486-1"},{"volume-title":"The Flow Caml System: documentation and user\u2019s manual","author":"Simonet Vincent","key":"e_1_2_2_55_1","unstructured":"Vincent Simonet. 2003. The Flow Caml System: documentation and user\u2019s manual. Institut National de Recherche en Informatique et en Automatique (INRIA). \u00a9 INRIA"},{"key":"e_1_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268975"},{"key":"e_1_2_2_57_1","unstructured":"Softbear Games. 2024. Mk48.io. https:\/\/github.com\/SoftbearStudios\/mk48"},{"key":"e_1_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2034675.2034688"},{"key":"e_1_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45744-4_27"},{"key":"e_1_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290389"},{"key":"e_1_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.5555\/353629.353648"},{"key":"e_1_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00002"},{"key":"e_1_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2231983"},{"key":"e_1_2_2_64_1","volume-title":"Myers","author":"Zheng Lantian","year":"2005","unstructured":"Lantian Zheng and Andrew C. Myers. 2005. Dynamic Security Labels and Noninterference (Extended Abstract). In Formal Aspects in Security and Trust, Theo Dimitrakos and Fabio Martinelli (Eds.). Springer US, Boston, MA. 27\u201340. isbn:978-0-387-24098-5"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3720427","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3720427","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:15:28Z","timestamp":1760030128000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3720427"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,9]]},"references-count":64,"journal-issue":{"issue":"OOPSLA1","published-print":{"date-parts":[[2025,4,9]]}},"alternative-id":["10.1145\/3720427"],"URL":"https:\/\/doi.org\/10.1145\/3720427","relation":{},"ISSN":["2475-1421"],"issn-type":[{"type":"electronic","value":"2475-1421"}],"subject":[],"published":{"date-parts":[[2025,4,9]]},"assertion":[{"value":"2024-10-16","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-02-18","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}