We present Clio, an information flow control (IFC) system that transparentlyincorporates cryptography to enforce confidentiality and integrity policies onuntrusted storage. Clio insulates developers from explicitly manipulating keysand cryptographic primitives by leveraging the policy language of the IFCsystem to automatically use the appropriate keys and correct cryptographicoperations. We prove that Clio is secure with a novel proof technique that isbased on a proof style from cryptography together with standard programminglanguages results. We present a prototype Clio implementation and a case studythat demonstrates Clio's practicality.
展开▼